lockergoga | 1da6dea81ae8eae277897e88400a8985e400972784a1106134766750b96ec161

Analysis

max time kernel
60s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
03/05/2022, 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LockerGoga.exe
Size

1.2MB
MD5

e11502659f6b5c5bd9f78f534bc38fea
SHA1

b5fd5c913de8cbb8565d3c7c67c0fbaa4090122b
SHA256

c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15
SHA512

86c8d4556c9e0b7d60ccbfee430eb322388449506ab515549cb8d2785582671f2dc2d2a3bd9daded9853caa8bf94d9f92603a3bc527172a85dc7a83d701f7fd0

Score

10^/10

lockergoga banker ransomware trojan

Malware Config

Extracted

Path

C:\Users\Public\Desktop\README_LOCKED.txt

Ransom Note

Greetings! There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all of your data by mistake or for fun. Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore the data. Attempts to restore your data with third party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data. To confirm our honest intentions. Send us 2-3 different random files and you will get them decrypted. It can be from different computers on your network to be sure that our decoder decrypts everything. Sample files we unlock for free (files should not be related to any kind of backups). We exclusively have decryption software for your situation DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME the encrypted files. DO NOT MOVE the encrypted files. This may lead to the impossibility of recovery of the certain files. The payment has to be made in Bitcoins. The final price depends on how fast you contact us. As soon as we receive the payment you will get the decryption tool and instructions on how to improve your systems security To get information on the price of the decoder contact us at: [email protected] [email protected]

Emails

[email protected]

Extracted

Path

C:\Users\Public\Desktop\README_LOCKED.txt

Ransom Note

Signatures

LockerGoga
LockerGoga is a ransomware that is primarily used in targeted, disruptive attacks.
trojan banker lockergoga

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\SpeechToTextOverlay.winmd	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-cn\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ar-ae\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-fr\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\fy\LC_MESSAGES\vlc.mo	tgytutrc1143.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\dt.jar	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder-default.svg	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\root\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_checkbox_partialselected-default_18.svg	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-ma\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\sv-se\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\eu-es\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_backarrow_default.svg	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\themes\dark\rhp_world_icon_2x.png	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sk-sk\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sortedby_18.svg	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_link_18.svg	tgytutrc1143.exe
File opened for modification	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui	tgytutrc1143.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe.manifest	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_selected_18.svg	tgytutrc1143.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\da-dk\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_download_pdf_18.svg	WerFault.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\Silhouette.png	tgytutrc1143.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-125_contrast-white.png	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_move_18.svg	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\hr-hr\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\ru-ru\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\AppIcon.scale-125.png	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-up-pressed.gif	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\sv-se\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_x64__8wekyb3d8bbwe\index.html	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pl-pl\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reminders_18.svg	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\nb-no\PlayStore_icon.svg	tgytutrc1143.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo	tgytutrc1143.exe
File opened for modification	C:\Program Files\Windows Mail\wabimp.dll	tgytutrc1143.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-40_altform-unplated_contrast-black.png	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\japanese_over.png	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\zh-cn\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-200_contrast-black.png	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-cn\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ko-kr\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\require\2.1.15\require.min.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hr-hr\ui-strings.js	WerFault.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\dd_arrow_small.png	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\de-de\ui-strings.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\illustrations.png	tgytutrc1143.exe
File opened for modification	C:\Program Files\Windows Defender\fr-FR\ProtectionManagement.dll.mui	tgytutrc1143.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Microsoft.Graphics.Canvas.dll	tgytutrc1143.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\vi_get.svg	tgytutrc1143.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\Microsoft.PowerShell.PackageManagement.resources.dll	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\plugins\rhp\editpdf-selector.js	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\remove.svg	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover.png	tgytutrc1143.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Xml.Linq.Resources.dll	tgytutrc1143.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo	tgytutrc1143.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml	tgytutrc1143.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\share_icons.png	tgytutrc1143.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\no_camera_dialog_image01.jpg	tgytutrc1143.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookLargeTile.scale-150.png	tgytutrc1143.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
3900	2832	WerFault.exe	24
4328	2092	WerFault.exe	80
3388	3492	WerFault.exe	488
4648	3212	WerFault.exe	490
760	3212	WerFault.exe	490

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1316	tgytutrc1143.exe
1316	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
1316	tgytutrc1143.exe
1316	tgytutrc1143.exe
3156	tgytutrc1143.exe
3156	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
1316	tgytutrc1143.exe
1316	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
1316	tgytutrc1143.exe
1316	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
1316	tgytutrc1143.exe
1316	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
3156	tgytutrc1143.exe
3156	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
3156	tgytutrc1143.exe
3156	tgytutrc1143.exe
3156	tgytutrc1143.exe
3156	tgytutrc1143.exe
3156	tgytutrc1143.exe
3156	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
3156	tgytutrc1143.exe
3156	tgytutrc1143.exe
2528	tgytutrc1143.exe
2528	tgytutrc1143.exe
1316	tgytutrc1143.exe
1316	tgytutrc1143.exe
3156	tgytutrc1143.exe
3156	tgytutrc1143.exe
1316	tgytutrc1143.exe
1316	tgytutrc1143.exe
2700	tgytutrc1143.exe
2700	tgytutrc1143.exe
3156	tgytutrc1143.exe
3156	tgytutrc1143.exe
1316	tgytutrc1143.exe
1316	tgytutrc1143.exe
3156	tgytutrc1143.exe
3156	tgytutrc1143.exe
2700	tgytutrc1143.exe
2700	tgytutrc1143.exe
1316	tgytutrc1143.exe
1316	tgytutrc1143.exe
3156	tgytutrc1143.exe
3156	tgytutrc1143.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4744	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3184	LockerGoga.exe
Token: SeBackupPrivilege	3184	LockerGoga.exe
Token: SeRestorePrivilege	3184	LockerGoga.exe
Token: SeLockMemoryPrivilege	3184	LockerGoga.exe
Token: SeCreateGlobalPrivilege	3184	LockerGoga.exe
Token: SeDebugPrivilege	3588	tgytutrc1143.exe
Token: SeBackupPrivilege	3588	tgytutrc1143.exe
Token: SeRestorePrivilege	3588	tgytutrc1143.exe
Token: SeLockMemoryPrivilege	3588	tgytutrc1143.exe
Token: SeCreateGlobalPrivilege	3588	tgytutrc1143.exe
Token: SeDebugPrivilege	1316	tgytutrc1143.exe
Token: SeBackupPrivilege	1316	tgytutrc1143.exe
Token: SeRestorePrivilege	1316	tgytutrc1143.exe
Token: SeLockMemoryPrivilege	1316	tgytutrc1143.exe
Token: SeCreateGlobalPrivilege	1316	tgytutrc1143.exe
Token: SeDebugPrivilege	3156	tgytutrc1143.exe
Token: SeBackupPrivilege	3156	tgytutrc1143.exe
Token: SeRestorePrivilege	3156	tgytutrc1143.exe
Token: SeLockMemoryPrivilege	3156	tgytutrc1143.exe
Token: SeCreateGlobalPrivilege	3156	tgytutrc1143.exe
Token: SeDebugPrivilege	2528	tgytutrc1143.exe
Token: SeBackupPrivilege	2528	tgytutrc1143.exe
Token: SeRestorePrivilege	2528	tgytutrc1143.exe
Token: SeLockMemoryPrivilege	2528	tgytutrc1143.exe
Token: SeCreateGlobalPrivilege	2528	tgytutrc1143.exe
Token: SeDebugPrivilege	2700	tgytutrc1143.exe
Token: SeBackupPrivilege	2700	tgytutrc1143.exe
Token: SeRestorePrivilege	2700	tgytutrc1143.exe
Token: SeLockMemoryPrivilege	2700	tgytutrc1143.exe
Token: SeCreateGlobalPrivilege	2700	tgytutrc1143.exe
Token: SeDebugPrivilege	3808	tgytutrc1143.exe
Token: SeBackupPrivilege	3808	tgytutrc1143.exe
Token: SeRestorePrivilege	3808	tgytutrc1143.exe
Token: SeLockMemoryPrivilege	3808	tgytutrc1143.exe
Token: SeCreateGlobalPrivilege	3808	tgytutrc1143.exe
Token: SeDebugPrivilege	2160	tgytutrc1143.exe
Token: SeBackupPrivilege	2160	tgytutrc1143.exe
Token: SeRestorePrivilege	2160	tgytutrc1143.exe
Token: SeLockMemoryPrivilege	2160	tgytutrc1143.exe
Token: SeCreateGlobalPrivilege	2160	tgytutrc1143.exe
Token: SeDebugPrivilege	1088	tgytutrc1143.exe
Token: SeBackupPrivilege	1088	tgytutrc1143.exe
Token: SeRestorePrivilege	1088	tgytutrc1143.exe
Token: SeLockMemoryPrivilege	1088	tgytutrc1143.exe
Token: SeCreateGlobalPrivilege	1088	tgytutrc1143.exe
Token: SeDebugPrivilege	2500	tgytutrc1143.exe
Token: SeBackupPrivilege	2500	tgytutrc1143.exe
Token: SeRestorePrivilege	2500	tgytutrc1143.exe
Token: SeLockMemoryPrivilege	2500	tgytutrc1143.exe
Token: SeCreateGlobalPrivilege	2500	tgytutrc1143.exe
Token: SeDebugPrivilege	1468	tgytutrc1143.exe
Token: SeBackupPrivilege	1468	tgytutrc1143.exe
Token: SeRestorePrivilege	1468	tgytutrc1143.exe
Token: SeLockMemoryPrivilege	1468	tgytutrc1143.exe
Token: SeCreateGlobalPrivilege	1468	tgytutrc1143.exe
Token: SeDebugPrivilege	4944	tgytutrc1143.exe
Token: SeBackupPrivilege	4944	tgytutrc1143.exe
Token: SeRestorePrivilege	4944	tgytutrc1143.exe
Token: SeLockMemoryPrivilege	4944	tgytutrc1143.exe
Token: SeCreateGlobalPrivilege	4944	tgytutrc1143.exe
Token: SeDebugPrivilege	2404	tgytutrc1143.exe
Token: SeBackupPrivilege	2404	tgytutrc1143.exe
Token: SeRestorePrivilege	2404	tgytutrc1143.exe
Token: SeLockMemoryPrivilege	2404	tgytutrc1143.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3184 wrote to memory of 4744	3184	LockerGoga.exe	83
PID 3184 wrote to memory of 4744	3184	LockerGoga.exe	83
PID 3184 wrote to memory of 3588	3184	LockerGoga.exe	85
PID 3184 wrote to memory of 3588	3184	LockerGoga.exe	85
PID 3184 wrote to memory of 3588	3184	LockerGoga.exe	85
PID 3588 wrote to memory of 5112	3588	tgytutrc1143.exe	86
PID 3588 wrote to memory of 5112	3588	tgytutrc1143.exe	86
PID 3588 wrote to memory of 1100	3588	tgytutrc1143.exe	87
PID 3588 wrote to memory of 1100	3588	tgytutrc1143.exe	87
PID 3588 wrote to memory of 3212	3588	tgytutrc1143.exe	90
PID 3588 wrote to memory of 3212	3588	tgytutrc1143.exe	90
PID 3588 wrote to memory of 1432	3588	tgytutrc1143.exe	91
PID 3588 wrote to memory of 1432	3588	tgytutrc1143.exe	91
PID 3588 wrote to memory of 3884	3588	tgytutrc1143.exe	93
PID 3588 wrote to memory of 3884	3588	tgytutrc1143.exe	93
PID 3588 wrote to memory of 4748	3588	tgytutrc1143.exe	95
PID 3588 wrote to memory of 4748	3588	tgytutrc1143.exe	95
PID 4748 wrote to memory of 3168	4748	net.exe	98
PID 4748 wrote to memory of 3168	4748	net.exe	98
PID 3588 wrote to memory of 1600	3588	tgytutrc1143.exe	99
PID 3588 wrote to memory of 1600	3588	tgytutrc1143.exe	99
PID 1600 wrote to memory of 4328	1600	net.exe	101
PID 1600 wrote to memory of 4328	1600	net.exe	101
PID 3588 wrote to memory of 1316	3588	tgytutrc1143.exe	103
PID 3588 wrote to memory of 1316	3588	tgytutrc1143.exe	103
PID 3588 wrote to memory of 1316	3588	tgytutrc1143.exe	103
PID 3588 wrote to memory of 3156	3588	tgytutrc1143.exe	104
PID 3588 wrote to memory of 3156	3588	tgytutrc1143.exe	104
PID 3588 wrote to memory of 3156	3588	tgytutrc1143.exe	104
PID 3588 wrote to memory of 2528	3588	tgytutrc1143.exe	105
PID 3588 wrote to memory of 2528	3588	tgytutrc1143.exe	105
PID 3588 wrote to memory of 2528	3588	tgytutrc1143.exe	105
PID 3588 wrote to memory of 2700	3588	tgytutrc1143.exe	108
PID 3588 wrote to memory of 2700	3588	tgytutrc1143.exe	108
PID 3588 wrote to memory of 2700	3588	tgytutrc1143.exe	108
PID 3588 wrote to memory of 3808	3588	tgytutrc1143.exe	109
PID 3588 wrote to memory of 3808	3588	tgytutrc1143.exe	109
PID 3588 wrote to memory of 3808	3588	tgytutrc1143.exe	109
PID 3588 wrote to memory of 2160	3588	tgytutrc1143.exe	110
PID 3588 wrote to memory of 2160	3588	tgytutrc1143.exe	110
PID 3588 wrote to memory of 2160	3588	tgytutrc1143.exe	110
PID 3588 wrote to memory of 1088	3588	tgytutrc1143.exe	112
PID 3588 wrote to memory of 1088	3588	tgytutrc1143.exe	112
PID 3588 wrote to memory of 1088	3588	tgytutrc1143.exe	112
PID 3588 wrote to memory of 2500	3588	tgytutrc1143.exe	113
PID 3588 wrote to memory of 2500	3588	tgytutrc1143.exe	113
PID 3588 wrote to memory of 2500	3588	tgytutrc1143.exe	113
PID 3588 wrote to memory of 1468	3588	tgytutrc1143.exe	114
PID 3588 wrote to memory of 1468	3588	tgytutrc1143.exe	114
PID 3588 wrote to memory of 1468	3588	tgytutrc1143.exe	114
PID 3588 wrote to memory of 4944	3588	tgytutrc1143.exe	115
PID 3588 wrote to memory of 4944	3588	tgytutrc1143.exe	115
PID 3588 wrote to memory of 4944	3588	tgytutrc1143.exe	115
PID 3588 wrote to memory of 2404	3588	tgytutrc1143.exe	116
PID 3588 wrote to memory of 2404	3588	tgytutrc1143.exe	116
PID 3588 wrote to memory of 2404	3588	tgytutrc1143.exe	116
PID 3588 wrote to memory of 1856	3588	tgytutrc1143.exe	117
PID 3588 wrote to memory of 1856	3588	tgytutrc1143.exe	117
PID 3588 wrote to memory of 1856	3588	tgytutrc1143.exe	117
PID 3588 wrote to memory of 3904	3588	tgytutrc1143.exe	118
PID 3588 wrote to memory of 3904	3588	tgytutrc1143.exe	118
PID 3588 wrote to memory of 3904	3588	tgytutrc1143.exe	118
PID 3588 wrote to memory of 3092	3588	tgytutrc1143.exe	119
PID 3588 wrote to memory of 3092	3588	tgytutrc1143.exe	119

C:\Users\Admin\AppData\Local\Temp\LockerGoga.exe
"C:\Users\Admin\AppData\Local\Temp\LockerGoga.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c move /y C:\Users\Admin\AppData\Local\Temp\LockerGoga.exe C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
  2⤵
  - Suspicious behavior: RenamesItself
  PID:4744
- C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
  C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -m
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3588
- - C:\Windows\system32\logoff.exe
    C:\Windows\system32\logoff.exe 0
    3⤵
    PID:5112
- - C:\Windows\system32\logoff.exe
    C:\Windows\system32\logoff.exe 0
    3⤵
    PID:1100
- - C:\Windows\system32\logoff.exe
    C:\Windows\system32\logoff.exe 0
    3⤵
    PID:3212
- - C:\Windows\system32\logoff.exe
    C:\Windows\system32\logoff.exe 0
    3⤵
    PID:1432
- - C:\Windows\system32\logoff.exe
    C:\Windows\system32\logoff.exe 0
    3⤵
    PID:3884
- - C:\Windows\system32\net.exe
    C:\Windows\system32\net.exe user Admin HuHuHUHoHo283283@dJD
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4748
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user Admin HuHuHUHoHo283283@dJD
      4⤵
      PID:3168
- - C:\Windows\system32\net.exe
    C:\Windows\system32\net.exe user Administrator HuHuHUHoHo283283@dJD
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1600
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user Administrator HuHuHUHoHo283283@dJD
      4⤵
      PID:4328
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1316
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3156
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2528
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2700
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3808
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2160
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    - Suspicious use of AdjustPrivilegeToken
    PID:1088
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    - Suspicious use of AdjustPrivilegeToken
    PID:2500
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    - Suspicious use of AdjustPrivilegeToken
    PID:1468
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4944
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2404
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1856
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3904
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3092
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4424
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4252
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4208
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1336
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1356
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3336
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3196
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1844
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2964
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4772
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4368
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4952
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4760
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4844
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1756
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3088
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4032
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:204
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2208
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1108
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2280
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1432
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3324
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4556
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4576
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2820
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1996
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:684
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2960
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4972
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4324
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2216
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4880
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3520
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1776
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4628
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4040
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2320
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4804
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4376
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4792
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4472
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2528
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1064
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4884
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1528
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2448
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1692
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1384
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4584
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4500
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1560
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3896
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4896
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4724
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4136
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3904
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1780
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1180
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4876
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3488
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4252
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1976
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3408
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1336
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1792
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2312
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3188
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4740
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4536
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1844
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3420
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4368
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3436
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3200
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:256
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3732
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4936
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2280
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4580
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2088
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:204
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2208
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4572
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2472
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3620
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2620
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4156
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2824
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:116
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3052
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1996
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:684
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2344
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3080
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2216
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4880
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4636
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2320
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4132
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4588
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:408
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2656
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2728
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4908
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3360
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1544
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2160
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4956
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1860
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1468
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4896
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3904
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4236
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3288
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4248
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3488
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4252
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1616
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1476
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:760
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4416
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1188
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1768
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2252
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4676
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4640
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3420
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4996
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2660
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1228
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4032
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3088
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4524
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:5092
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3624
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1496
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:204
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2296
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2336
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:5004
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3376
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1276
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4748
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4576
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3168
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4820
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3736
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4560
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4492
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4944
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4308
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4432
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:312
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2124
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2320
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4588
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4472
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2700
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4884
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1384
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3808
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1348
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4500
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4336
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3004
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4420
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1656
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4648
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2288
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2452
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3092
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4900
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4424
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3464
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4248
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4252
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3488
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1140
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1976
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1796
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3916
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1792
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3336
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4716
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2252
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4968
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1072
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1844
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2660
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4368
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3880
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1732
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1432
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4580
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2280
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1496
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1900
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3184
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1888
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3492
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3884
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3376
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2620
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:520
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:428
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4972
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3736
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4404
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4820
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:5080
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4504
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4948
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1876
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4344
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4432
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:312
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2124
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2320
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4588
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1528
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4320
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1148
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2844
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4908
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4584
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3244
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1488
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4724
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:972
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1468
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1180
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3504
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1608
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3048
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1576
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4240
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3488
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1976
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4012
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4416
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:5048
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1956
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2312
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4980
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2884
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4740
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4848
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1072
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2660
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1844
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4368
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4676
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:968
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4824
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3564
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4744
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4384
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:5092
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:216
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4580
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1900
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2296
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1888
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3620
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3884
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3376
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2620
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2096
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3872
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3412
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4988
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1600
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4328
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4396
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:684
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4960
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2344
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4492
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4344
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4220
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2124
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:780
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4472
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1148
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4908
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3244
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4644
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1488
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4420
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4648
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2288
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4896
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2452
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3288
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3504
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3464
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4248
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1164
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1060
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1476
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:60
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1616
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3916
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3196
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3408
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1768
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:5088
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4464
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4976
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3436
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4760
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4844
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4084
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4384
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1292
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1732
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4388
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4556
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1496
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3648
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2296
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1900
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2824
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3492
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 892
      4⤵
      Program crash
      PID:3388
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2820
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4156
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:884
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1536
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4780
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3244
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4216
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1656
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4056
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:216
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4524
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4580
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4488
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:876
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:640
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:632
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:552
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:5104
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3648
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4312
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2292
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2740
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2280
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1888
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1420
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:828
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3248
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:5008
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4340
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3252
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3264
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3672
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1992
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3680
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3792
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4108
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3412
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2144
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3620
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3404
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3568
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:428
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3168
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4328
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4304
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3948
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3452
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2092
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1316
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1384
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:2184
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3476
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4588
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3972
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3004
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1092
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3364
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3008
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3896
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:4412
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:3504
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc1143.exe -i SM-tgytutrc -s
    3⤵
    PID:1468

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:3080

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 436 -p 2832 -ip 2832
1⤵
PID:2172

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2832 -s 7476
1⤵
- Program crash
PID:3900

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:3212
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3212 -s 2364
  2⤵
  - Drops file in Program Files directory
  - Program crash
  PID:4648
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3212 -s 2364
  2⤵
  - Drops file in Program Files directory
  - Program crash
  PID:760

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 460 -p 2092 -ip 2092
1⤵
PID:2144

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2092 -s 1904
1⤵
- Program crash
PID:4328

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:4168

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
1⤵
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3492 -ip 3492
1⤵
PID:3360

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 3212 -ip 3212
1⤵
PID:972

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:3904

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 496 -p 3212 -ip 3212
1⤵
PID:1576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:4248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
ec68d77dd0928b563c9639fdea93745b

SHA1
38757b22dc83d35ea8b4b69858e52cbbeffee22e

SHA256
01e4313d430f166abfd2f367c28ea21c993d9c3e6ac23026049f15c62590d6e6

SHA512
d1ee81cf0b7f7affa377ad60c533780d07c5c69fc53e2f802bd118feab76daaed5b8f9b068edcaf013f4897430587710eb52fe45a2cef440ec5084ce01824a8c

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit