lockergoga | c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15

Resubmissions

17/10/2022, 10:08

221017-l6fbysbeb8 10

25/08/2022, 14:13

220825-rjthysebcr 10

Analysis

max time kernel
44s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2022, 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe
Size

1.2MB
MD5

e11502659f6b5c5bd9f78f534bc38fea
SHA1

b5fd5c913de8cbb8565d3c7c67c0fbaa4090122b
SHA256

c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15
SHA512

86c8d4556c9e0b7d60ccbfee430eb322388449506ab515549cb8d2785582671f2dc2d2a3bd9daded9853caa8bf94d9f92603a3bc527172a85dc7a83d701f7fd0
SSDEEP

24576:645Rt4El7fc/TFJzjJUgrrCq5sNIwQsUGy1q7a9DlIACTp+kqGslRG:Rjt4El7fc/TFJWstwQsPdSDuACTpqhG

Score

10^/10

lockergoga banker ransomware trojan

Malware Config

Extracted

Path

C:\Users\Public\Desktop\README_LOCKED.txt

Ransom Note

Emails

[email protected]

Extracted

Path

C:\Users\Public\Desktop\README_LOCKED.txt

Ransom Note

Greetings! There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all of your data by mistake or for fun. Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore the data. Attempts to restore your data with third party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data. To confirm our honest intentions. Send us 2-3 different random files and you will get them decrypted. It can be from different computers on your network to be sure that our decoder decrypts everything. Sample files we unlock for free (files should not be related to any kind of backups). We exclusively have decryption software for your situation DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME the encrypted files. DO NOT MOVE the encrypted files. This may lead to the impossibility of recovery of the certain files. The payment has to be made in Bitcoins. The final price depends on how fast you contact us. As soon as we receive the payment you will get the decryption tool and instructions on how to improve your systems security To get information on the price of the decoder contact us at: Greetings! There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all of your data by mistake or for fun. Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore the data. Attempts to restore your data with third party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data. To confirm our honest intentions. Send us 2-3 different random files and you will get them decrypted. It can be from different computers on your network to be sure that our decoder decrypts everything. Sample files we unlock for free (files should not be related to any kind of backups). We exclusively have decryption software for your situation DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME the encrypted files. DO NOT MOVE the encrypted files. This may lead to the impossibility of recovery of the certain files. The payment has to be made in Bitcoins. The final price depends on how fast you contact us. As soon as we receive the payment you will get the decryption tool and instructions on how to improve your systems security To get information on the price of the decoder contact us at: [email protected] [email protected]

Emails

[email protected]

Signatures

LockerGoga
LockerGoga is a ransomware that is primarily used in targeted, disruptive attacks.
trojan banker lockergoga

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\desktop.ini	tgytutrc6653.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pl-pl\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Acrobat_visual.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\it-IT\ieinstal.exe.mui	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\da-dk\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\rhp_world_icon_2x.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\adobe_sign_tag.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeXMP.dll	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\bun.png	tgytutrc6653.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluEmptyStateDCFiles_280x192.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\editpdf.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\caution.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\it-it\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ca-es\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sk-sk\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\themes\dark\example_icons2x.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\nl-nl\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\tr-tr\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\zh-cn\PlayStore_icon.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_gridview-hover.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\example_icons2x.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-si\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\plugin.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\cstm_brand_preview2x.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\standards_poster.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\fr-fr\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\s_radio_unselected_18.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\SendMail.api	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-si\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\PSReadline\2.0.0\PSReadline.psd1	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\main-selector.css	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_uinline_warning.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_hover.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\bg_pattern_RHP.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\images\themes\dark\share_icons.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ko-kr\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_reportabuse-default_18.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\selector.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\illustrations_retina.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\AcroForm\PMP\DataMatrix.pmp	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ru-ru\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\selector.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\PlayStore_icon.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\fr-fr\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\themes\dark\SearchEmail2x.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sl-si\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\zh-cn\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\css\main-cef.css	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_hover_2x.png	svchost.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_gridview_selected.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\en-il\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_hiContrast_bow.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_lg.gif	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_nb_135x40.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sv-se\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\edit-pdf.png	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\eu-es\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\da-dk\ui-strings.js	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_download_audit_report_18.svg	tgytutrc6653.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\cs-cz\ui-strings.js	tgytutrc6653.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
3016	4124	WerFault.exe	386
856	2180	WerFault.exe	45
4084	4760	WerFault.exe	399
4488	4760	WerFault.exe	399

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4124	Notepad.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4592	tgytutrc6653.exe
616	tgytutrc6653.exe
4592	tgytutrc6653.exe
616	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
616	tgytutrc6653.exe
616	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
616	tgytutrc6653.exe
616	tgytutrc6653.exe
616	tgytutrc6653.exe
616	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
616	tgytutrc6653.exe
616	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
616	tgytutrc6653.exe
616	tgytutrc6653.exe
4532	tgytutrc6653.exe
4532	tgytutrc6653.exe
616	tgytutrc6653.exe
616	tgytutrc6653.exe
4592	tgytutrc6653.exe
4592	tgytutrc6653.exe
616	tgytutrc6653.exe
616	tgytutrc6653.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
860	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4940	c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe
Token: SeBackupPrivilege	4940	c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe
Token: SeRestorePrivilege	4940	c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe
Token: SeLockMemoryPrivilege	4940	c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe
Token: SeCreateGlobalPrivilege	4940	c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe
Token: SeDebugPrivilege	3128	tgytutrc6653.exe
Token: SeBackupPrivilege	3128	tgytutrc6653.exe
Token: SeRestorePrivilege	3128	tgytutrc6653.exe
Token: SeLockMemoryPrivilege	3128	tgytutrc6653.exe
Token: SeCreateGlobalPrivilege	3128	tgytutrc6653.exe
Token: SeDebugPrivilege	4532	tgytutrc6653.exe
Token: SeBackupPrivilege	4532	tgytutrc6653.exe
Token: SeRestorePrivilege	4532	tgytutrc6653.exe
Token: SeLockMemoryPrivilege	4532	tgytutrc6653.exe
Token: SeCreateGlobalPrivilege	4532	tgytutrc6653.exe
Token: SeDebugPrivilege	616	tgytutrc6653.exe
Token: SeBackupPrivilege	616	tgytutrc6653.exe
Token: SeRestorePrivilege	616	tgytutrc6653.exe
Token: SeLockMemoryPrivilege	616	tgytutrc6653.exe
Token: SeCreateGlobalPrivilege	616	tgytutrc6653.exe
Token: SeDebugPrivilege	4592	tgytutrc6653.exe
Token: SeBackupPrivilege	4592	tgytutrc6653.exe
Token: SeRestorePrivilege	4592	tgytutrc6653.exe
Token: SeLockMemoryPrivilege	4592	tgytutrc6653.exe
Token: SeCreateGlobalPrivilege	4592	tgytutrc6653.exe
Token: SeDebugPrivilege	444	tgytutrc6653.exe
Token: SeBackupPrivilege	444	tgytutrc6653.exe
Token: SeRestorePrivilege	444	tgytutrc6653.exe
Token: SeLockMemoryPrivilege	444	tgytutrc6653.exe
Token: SeCreateGlobalPrivilege	444	tgytutrc6653.exe
Token: SeDebugPrivilege	3336	tgytutrc6653.exe
Token: SeBackupPrivilege	3336	tgytutrc6653.exe
Token: SeRestorePrivilege	3336	tgytutrc6653.exe
Token: SeLockMemoryPrivilege	3336	tgytutrc6653.exe
Token: SeCreateGlobalPrivilege	3336	tgytutrc6653.exe
Token: SeDebugPrivilege	2516	tgytutrc6653.exe
Token: SeBackupPrivilege	2516	tgytutrc6653.exe
Token: SeRestorePrivilege	2516	tgytutrc6653.exe
Token: SeLockMemoryPrivilege	2516	tgytutrc6653.exe
Token: SeCreateGlobalPrivilege	2516	tgytutrc6653.exe
Token: SeDebugPrivilege	3528	tgytutrc6653.exe
Token: SeBackupPrivilege	3528	tgytutrc6653.exe
Token: SeRestorePrivilege	3528	tgytutrc6653.exe
Token: SeLockMemoryPrivilege	3528	tgytutrc6653.exe
Token: SeCreateGlobalPrivilege	3528	tgytutrc6653.exe
Token: SeDebugPrivilege	1148	tgytutrc6653.exe
Token: SeBackupPrivilege	1148	tgytutrc6653.exe
Token: SeRestorePrivilege	1148	tgytutrc6653.exe
Token: SeLockMemoryPrivilege	1148	tgytutrc6653.exe
Token: SeCreateGlobalPrivilege	1148	tgytutrc6653.exe
Token: SeDebugPrivilege	2140	tgytutrc6653.exe
Token: SeBackupPrivilege	2140	tgytutrc6653.exe
Token: SeRestorePrivilege	2140	tgytutrc6653.exe
Token: SeLockMemoryPrivilege	2140	tgytutrc6653.exe
Token: SeCreateGlobalPrivilege	2140	tgytutrc6653.exe
Token: SeDebugPrivilege	8	tgytutrc6653.exe
Token: SeBackupPrivilege	8	tgytutrc6653.exe
Token: SeRestorePrivilege	8	tgytutrc6653.exe
Token: SeLockMemoryPrivilege	8	tgytutrc6653.exe
Token: SeCreateGlobalPrivilege	8	tgytutrc6653.exe
Token: SeDebugPrivilege	4276	tgytutrc6653.exe
Token: SeBackupPrivilege	4276	tgytutrc6653.exe
Token: SeRestorePrivilege	4276	tgytutrc6653.exe
Token: SeLockMemoryPrivilege	4276	tgytutrc6653.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 860	4940	c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe	83
PID 4940 wrote to memory of 860	4940	c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe	83
PID 4940 wrote to memory of 3128	4940	c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe	85
PID 4940 wrote to memory of 3128	4940	c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe	85
PID 4940 wrote to memory of 3128	4940	c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe	85
PID 3128 wrote to memory of 3096	3128	tgytutrc6653.exe	86
PID 3128 wrote to memory of 3096	3128	tgytutrc6653.exe	86
PID 3128 wrote to memory of 1568	3128	tgytutrc6653.exe	87
PID 3128 wrote to memory of 1568	3128	tgytutrc6653.exe	87
PID 3128 wrote to memory of 2020	3128	tgytutrc6653.exe	89
PID 3128 wrote to memory of 2020	3128	tgytutrc6653.exe	89
PID 3128 wrote to memory of 4264	3128	tgytutrc6653.exe	90
PID 3128 wrote to memory of 4264	3128	tgytutrc6653.exe	90
PID 3128 wrote to memory of 1416	3128	tgytutrc6653.exe	93
PID 3128 wrote to memory of 1416	3128	tgytutrc6653.exe	93
PID 3128 wrote to memory of 4972	3128	tgytutrc6653.exe	95
PID 3128 wrote to memory of 4972	3128	tgytutrc6653.exe	95
PID 4972 wrote to memory of 2188	4972	net.exe	99
PID 4972 wrote to memory of 2188	4972	net.exe	99
PID 3128 wrote to memory of 3352	3128	tgytutrc6653.exe	100
PID 3128 wrote to memory of 3352	3128	tgytutrc6653.exe	100
PID 3352 wrote to memory of 3864	3352	net.exe	102
PID 3352 wrote to memory of 3864	3352	net.exe	102
PID 3128 wrote to memory of 616	3128	tgytutrc6653.exe	103
PID 3128 wrote to memory of 616	3128	tgytutrc6653.exe	103
PID 3128 wrote to memory of 616	3128	tgytutrc6653.exe	103
PID 3128 wrote to memory of 4532	3128	tgytutrc6653.exe	104
PID 3128 wrote to memory of 4532	3128	tgytutrc6653.exe	104
PID 3128 wrote to memory of 4532	3128	tgytutrc6653.exe	104
PID 3128 wrote to memory of 4592	3128	tgytutrc6653.exe	105
PID 3128 wrote to memory of 4592	3128	tgytutrc6653.exe	105
PID 3128 wrote to memory of 4592	3128	tgytutrc6653.exe	105
PID 3128 wrote to memory of 444	3128	tgytutrc6653.exe	109
PID 3128 wrote to memory of 444	3128	tgytutrc6653.exe	109
PID 3128 wrote to memory of 444	3128	tgytutrc6653.exe	109
PID 3128 wrote to memory of 3336	3128	tgytutrc6653.exe	110
PID 3128 wrote to memory of 3336	3128	tgytutrc6653.exe	110
PID 3128 wrote to memory of 3336	3128	tgytutrc6653.exe	110
PID 3128 wrote to memory of 2516	3128	tgytutrc6653.exe	111
PID 3128 wrote to memory of 2516	3128	tgytutrc6653.exe	111
PID 3128 wrote to memory of 2516	3128	tgytutrc6653.exe	111
PID 3128 wrote to memory of 3528	3128	tgytutrc6653.exe	112
PID 3128 wrote to memory of 3528	3128	tgytutrc6653.exe	112
PID 3128 wrote to memory of 3528	3128	tgytutrc6653.exe	112
PID 3128 wrote to memory of 1148	3128	tgytutrc6653.exe	113
PID 3128 wrote to memory of 1148	3128	tgytutrc6653.exe	113
PID 3128 wrote to memory of 1148	3128	tgytutrc6653.exe	113
PID 3128 wrote to memory of 2140	3128	tgytutrc6653.exe	114
PID 3128 wrote to memory of 2140	3128	tgytutrc6653.exe	114
PID 3128 wrote to memory of 2140	3128	tgytutrc6653.exe	114
PID 3128 wrote to memory of 8	3128	tgytutrc6653.exe	115
PID 3128 wrote to memory of 8	3128	tgytutrc6653.exe	115
PID 3128 wrote to memory of 8	3128	tgytutrc6653.exe	115
PID 3128 wrote to memory of 4276	3128	tgytutrc6653.exe	116
PID 3128 wrote to memory of 4276	3128	tgytutrc6653.exe	116
PID 3128 wrote to memory of 4276	3128	tgytutrc6653.exe	116
PID 3128 wrote to memory of 4348	3128	tgytutrc6653.exe	117
PID 3128 wrote to memory of 4348	3128	tgytutrc6653.exe	117
PID 3128 wrote to memory of 4348	3128	tgytutrc6653.exe	117
PID 3128 wrote to memory of 3416	3128	tgytutrc6653.exe	118
PID 3128 wrote to memory of 3416	3128	tgytutrc6653.exe	118
PID 3128 wrote to memory of 3416	3128	tgytutrc6653.exe	118
PID 3128 wrote to memory of 1016	3128	tgytutrc6653.exe	119
PID 3128 wrote to memory of 1016	3128	tgytutrc6653.exe	119

C:\Users\Admin\AppData\Local\Temp\c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe
"C:\Users\Admin\AppData\Local\Temp\c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c move /y C:\Users\Admin\AppData\Local\Temp\c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
  2⤵
  - Suspicious behavior: RenamesItself
  PID:860
- C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
  C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -m
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3128
- - C:\Windows\system32\logoff.exe
    C:\Windows\system32\logoff.exe 0
    3⤵
    PID:3096
- - C:\Windows\system32\logoff.exe
    C:\Windows\system32\logoff.exe 0
    3⤵
    PID:1568
- - C:\Windows\system32\logoff.exe
    C:\Windows\system32\logoff.exe 0
    3⤵
    PID:2020
- - C:\Windows\system32\logoff.exe
    C:\Windows\system32\logoff.exe 0
    3⤵
    PID:4264
- - C:\Windows\system32\logoff.exe
    C:\Windows\system32\logoff.exe 0
    3⤵
    PID:1416
- - C:\Windows\system32\net.exe
    C:\Windows\system32\net.exe user Admin HuHuHUHoHo283283@dJD
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4972
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user Admin HuHuHUHoHo283283@dJD
      4⤵
      PID:2188
- - C:\Windows\system32\net.exe
    C:\Windows\system32\net.exe user Administrator HuHuHUHoHo283283@dJD
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3352
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user Administrator HuHuHUHoHo283283@dJD
      4⤵
      PID:3864
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:616
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4532
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4592
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:444
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    - Suspicious use of AdjustPrivilegeToken
    PID:3336
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2516
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1148
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    - Suspicious use of AdjustPrivilegeToken
    PID:8
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4276
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4348
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1016
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1556
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4444
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1100
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:744
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3788
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1256
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2256
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1984
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4864
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4832
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2056
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4856
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2012
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4104
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4752
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2376
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:668
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4504
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3948
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3124
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4940
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5060
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4228
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3228
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1612
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4112
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:208
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4616
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:216
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4360
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1828
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1108
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3864
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3176
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2136
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1924
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4916
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:540
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2480
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4584
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:536
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4548
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3188
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3336
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2508
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:616
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3592
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4676
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4652
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4820
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5116
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2316
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3436
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4248
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2868
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1580
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:448
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3584
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1824
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4188
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1868
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2920
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4444
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:744
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2712
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4388
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1716
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3712
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5056
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4624
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4048
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1844
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1368
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2472
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5028
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1036
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4856
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4212
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:708
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1028
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:632
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3940
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:432
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4544
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4884
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3936
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4800
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5060
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2640
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2296
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3724
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4240
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4116
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4288
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4120
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4616
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2424
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3028
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4728
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2456
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1264
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4608
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3176
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3160
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:872
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4968
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4124
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:992
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4064
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2304
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2288
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3188
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3336
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4696
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2740
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4792
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:8
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:968
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5116
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2316
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2684
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4248
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2868
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1580
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:748
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3584
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3968
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5040
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3780
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3788
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2972
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1380
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1332
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1984
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2336
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4048
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1844
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1728
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3396
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4856
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1036
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1092
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4212
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:632
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1028
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3940
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4684
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:432
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3948
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4544
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3932
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1656
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3124
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4128
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5060
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2640
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4112
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3856
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2296
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4116
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2188
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4972
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1444
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4956
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4836
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4860
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1924
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3764
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:540
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2948
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:760
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:928
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3612
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:444
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1668
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2332
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4368
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4256
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:8
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4828
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4820
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3524
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5116
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1016
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2784
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:396
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1168
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3976
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4356
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3156
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1560
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1392
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1944
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2712
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4388
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1256
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1552
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:672
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4624
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3232
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4048
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2056
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4104
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1280
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2044
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5012
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4752
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:456
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops desktop.ini file(s)
    PID:4804
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4852
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3284
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4488
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2460
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3684
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4844
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4100
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4800
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3044
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3228
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4112
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:208
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3860
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4972
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1444
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2224
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1924
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4860
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:760
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4916
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4792
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3216
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4820
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:540
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3524
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:5116
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3436
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4704
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1944
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5112
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4244
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2248
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1448
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4080
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2376
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4824
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1368
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4844
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:64
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3476
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4544
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5060
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2280
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1876
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3512
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:860
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4360
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:216
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4776
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5008
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3864
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4808
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4900
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4464
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3336
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3896
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4536
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2332
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4348
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4916
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3052
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3016
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4792
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1640
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3596
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4304
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4256
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2444
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3088
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1192
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3172
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3196
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3256
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3492
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3736
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3648
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3744
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:100
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4552
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4292
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3428
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:2288
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2716
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3380
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1228
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3344
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1224
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:1016
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2684
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3968
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5112
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1984
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2420
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4212
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1904
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5012
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:828
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1780
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:456
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2376
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1196
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1032
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5040
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1552
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3236
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3156
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4372
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5068
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3440
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3556
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4404
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1716
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5072
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:864
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1956
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4904
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1460
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2404
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4100
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1844
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3124
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4624
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2252
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3476
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4544
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:5060
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2280
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1876
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3512
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:3932
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3036
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4576
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4360
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:208
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4596
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2348
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4604
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1840
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1792
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4460
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3424
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3032
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:380
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1372
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3140
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3764
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:60
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4896
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2304
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:444
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3080
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4696
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:968
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4572
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4828
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4712
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2512
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4364
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4636
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3592
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1204
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1964
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4064
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1816
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5032
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3752
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2124
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5044
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3168
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3204
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3276
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4908
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3112
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1020
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:644
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4272
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3456
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4780
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4452
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4308
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1612
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:112
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3368
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3532
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3732
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3524
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3608
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1148
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3436
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3740
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1984
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5112
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4212
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1904
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5012
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:828
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4876
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2320
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2256
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3936
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4824
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:744
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4868
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4028
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3928
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3772
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2372
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2092
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3156
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4372
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3440
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5068
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4404
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4424
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1716
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4756
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2712
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3920
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3892
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4904
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    - Drops file in Program Files directory
    PID:4852
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3728
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1376
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3988
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2064
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3396
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3044
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:64
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3720
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3856
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1536
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:860
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4588
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5100
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4980
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4976
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4776
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:116
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4984
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3132
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1772
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3180
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4608
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2152
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4864
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4728
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4528
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4460
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4968
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:708
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4856
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:5008
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3756
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3160
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4896
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:992
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1284
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4072
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:760
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2740
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:1668
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2076
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2148
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2208
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe
    C:\Users\Admin\AppData\Local\Temp\tgytutrc6653.exe -i SM-tgytutrc -s
    3⤵
    PID:4316

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4756

C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
1⤵
PID:4188

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv TQvoIET4nEmQRTVj9GNBVg.0.2
1⤵
PID:744

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:4288

C:\Windows\System32\Notepad.exe
"C:\Windows\System32\Notepad.exe" C:\Users\Admin\Desktop\PopCopy.vbe
1⤵
- Opens file in notepad (likely ransom note)
PID:4124
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4124 -s 1164
  2⤵
  - Program crash
  PID:3016

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 452 -p 4124 -ip 4124
1⤵
PID:824

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 536 -p 2180 -ip 2180
1⤵
PID:2740

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2180 -s 10656
1⤵
- Program crash
PID:856

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4760
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4760 -s 2360
  2⤵
  - Program crash
  PID:4084
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4760 -s 2360
  2⤵
  - Program crash
  PID:4488

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 4760 -ip 4760
1⤵
PID:1332

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
1⤵
- Drops file in Program Files directory
PID:4624

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 4760 -ip 4760
1⤵
PID:3924

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:1400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
b0c3680511bb097c2b306a275ed5740e

SHA1
af8d16caf2bc6ec3b79d2ee5b8032d61f6b07d2d

SHA256
7fa663bf6aa840278f94e46ae7572bb41474adf1d80e8ab4ec5e4550fcf30314

SHA512
bbe0eec4863d226eca393380ae6fa662c24563bf4fffd1b96b11b45d7cce23c0fea0fae5f66cc743f6acfe3cea89c4218e463dc29cda4f2bbc0ff352bd9d3270

Download Submit