lockergoga | eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0

Analysis

max time kernel
40s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2023, 10:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe
Size

1.2MB
MD5

16bcc3b7f32c41e7c7222bf37fe39fe6
SHA1

a25bc5442c86bdeb0dec6583f0e80e241745fb73
SHA256

eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0
SHA512

f3e7087f569b3bcc201c006c5dfcea6cf560cad480bc03e6f17790190bc35bf6659e91a9f91219952bd139a3c9afde961032ee1d0861158409206feaa6540f9e
SSDEEP

24576:uj/6CtkHRos9l+zan4Q6eQqF5ZgQibE2zkMiJHic9OuTw258tox6T9G0SKoRl:A/NtkHRos9l+zan4QTB/2zkPtBq2itoP

Score

10^/10

lockergoga banker persistence ransomware spyware stealer trojan

Malware Config

Extracted

Path

C:\Users\Public\Desktop\README_LOCKED.txt

Ransom Note

Greetings! There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all of your data by mistake or for fun. Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore the data. Attempts to restore your data with third party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data. To confirm our honest intentions. Send us 2-3 different random files and you will get them decrypted. It can be from different computers on your network to be sure that our decoder decrypts everything. Sample files we unlock for free (files should not be related to any kind of backups). We exclusively have decryption software for your situation DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME the encrypted files. DO NOT MOVE the encrypted files. This may lead to the impossibility of recovery of the certain files. The payment has to be made in Bitcoins. The final price depends on how fast you contact us. As soon as we receive the payment you will get the decryption tool and instructions on how to improve your systems security To get information on the price of the decoder contact us at: [email protected] [email protected]

Emails

[email protected]

Signatures

LockerGoga
LockerGoga is a ransomware that is primarily used in targeted, disruptive attacks.
trojan banker lockergoga

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Modifies extensions of user files 1 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File renamed	C:\Users\Admin\Pictures\ReadSwitch.png => C:\Users\Admin\Pictures\ReadSwitch.png.locked	yxugwjud7779.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\92721896\3688670220.pri	svchost.exe
File created	C:\Windows\rescache\_merged\1712550052\3985323565.pri	svchost.exe
File created	C:\Windows\rescache\_merged\2928961003\698613897.pri	svchost.exe
File created	C:\Windows\rescache\_merged\2137598169\4039241008.pri	svchost.exe
File created	C:\Windows\rescache\_merged\3479232320\4282216472.pri	svchost.exe
File created	C:\Windows\rescache\_merged\4278325366\3937198455.pri	svchost.exe
File created	C:\Windows\rescache\_merged\431186354\2202752840.pri	svchost.exe
File created	C:\Windows\rescache\_merged\2562634990\3696326541.pri	svchost.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1548	700	WerFault.exe	54
1596	4784	WerFault.exe	91
3304	4460	WerFault.exe	302

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\ms-aad-brokerplugin\AppXnn90p29wc108haje7ahczjhc00h3p5sf	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppXhhkhyqrpsdn2kgtvr6qf6att22kmtadz	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.thumb\AppX43hnxtbyyps62jhe9sqpdzxn1790zetc	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp\windows.protocol\xbox-profi	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.adts\AppXqj98qxeaynz6dv4459ayz6bnqxbyaqcs	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.appx\AppXa4x21t18evxksm0kbe6znaz8jjrjvs9e	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Microsoft.WindowsMaps_8wekyb3d8bbwe!App\windows.protocol\ms-drive-to\Disp = "ms-resource:AppDisplayName"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\zune\AppX7nv11hc795928dfdxbjgrnt50tez0eh7	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo\windows.protocol\m = "Microsoft.ZuneVideo.AppXa4rwgzqhgbbpvc7jhxgmrp8t1cmsbc6c.mca"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.divx\AppX6eg8h5sxqq90pv53845wmnbewywdqq5h	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\ms-people	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Microsoft.ScreenSketch_8wekyb3d8bbwe!App\windows.fileTypeAssociation\.e	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\microsoft.windows.camera.picker	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Microsoft.WindowsMaps_8wekyb3d8bbwe!App\windows.protocol\ms-drive-to\ACID = "App.AppX673hgh00p0wx452gvym01jgfh6df95t9.mca"	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.dng\AppXvvwq6wxamf7qhxd0vn6wm1wwehyxrdd6	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\ms-walk-to\AppXtsmg3v4j4x76mctp0h8w9ykwqt07rr43	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Windows.ParentalControls_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\Microsoft.Windows.ParentalControls_cw5n1h2txy = "@{Microsoft.Windows.ParentalControls_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.3MF\AppXmgw6pxxs62rbgfp9petmdyb4fx7rnd4k	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\microsoft.windowscommunicationsapps_8wekyb3d8bbwe!mic = "microsoft.windowslive.mail.AppXg2p5z7txjp6y39148m6jdzh9nmnk7d9p.mca"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\xbox-settings	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.3gp2\AppX6eg8h5sxqq90pv53845wmnbewywdqq5h	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\ms-eyecontrolspeech	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Windows.ParentalControls_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy\Microsoft.Windows.ParentalControls_cw5n1h2txy = "ms-resource:DisplayName"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Windows.XGpuEjectDialog_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy! = "Safely Eject External GPU"	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppXdyw2j75xqd0y008p4bvtxhnxp3py2t2g	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.appx	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Microsoft.ScreenSketch_8wekyb3d8bbwe!App\windows.fileTypeAssociation\.e = "Assets\\FileAssociation\\FileAssociation.png"	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.m2t\AppXk0g4vb8gvt7b93tg50ybcy892pge6jmt	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.arw	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.iiq\AppX9rkaq77s0jzh1tyccadx9ghba15r6t3h	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.PLY	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOff = "Microsoft.MicrosoftOfficeHub.AppX01evhh702ahjbgp7vx8fevtaefychrt9.wwa"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.m2ts	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\ms-drive-to	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp\windows.protocol\xbox-netwo = "Microsoft.XboxApp.AppXt97tzpskpyhkwsv5d8wtjsqpxqybzq4r.mca"	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\ms-contact-support\AppXws790r9w5rbb9w3p8p4qb2n97s5h6pc3	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Microsoft.SkypeApp_kzf8qxf38zg5c!App\windows.protocol\ms-ipmessaging	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.R3D\AppX9rkaq77s0jzh1tyccadx9ghba15r6t3h	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.m2v	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\xbox-profile	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Windows.SecureAssessmentBrowser_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\Microsoft.Windows.SecureAssessmentBrowse = "Microsoft Secure Assessment Browser"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Microsoft.GetHelp_8wekyb3d8bbwe!App\windows.protocol\ms-contact-support\ACI = "App.AppX3hjqc4795d28y2wxy0nedshx6m9smz8f.mca"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.ics\AppX77ghgzrbzwe6djbdyty6hp5e3z1qryqx	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.m1v	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppX9kvz3rdv8t7twanaezbwfcdgrbg3bck0	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\microsoft-edge\AppX7rm9drdg8sk7vqndwj3sdjw11x96jc0y	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.Windows.XGpuEjectDialog_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy! = "Microsoft.Windows.XGpuEjectDialog.AppX6pz4hq5zee2a68aq40bdj13c4fhgt9q0.mca"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.srw	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x\windows. = "x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppX33jqth5sw94rh6c3v2nv30vgzhc0c21z.mca"	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.mp4v\AppX6eg8h5sxqq90pv53845wmnbewywdqq5h	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.srf\AppX9rkaq77s0jzh1tyccadx9ghba15r6t3h	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppXqg3xs3h3sbq285086k5jcab5aawtt9zw	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppXzg6fdzp57dpmt1dqardd3y48kkx0qb78	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\windows-feedback	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\ProgIDs\AppXmy2y2pf8vtfbdrapfcqn5ckmv6hm63c5	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.tiff	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Microsoft.ScreenSketch_8wekyb3d8bbwe!App\windows.fileTypeAssociation\.c	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Microsoft.WindowsAlarms_8wekyb3d8bbwe!App\windows.protocol\ms-clock\Lo = "Assets\\AlarmsAppList.png"	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.mpv2\AppX6eg8h5sxqq90pv53845wmnbewywdqq5h	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\xbox-network\AppXs09qw4992zq0ct2hf7dn3csbff3cfws7	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.onetoc2	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.fileTypeAssociation\.wdp\AppX43hnxtbyyps62jhe9sqpdzxn1790zetc	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Microsoft.ScreenSketch_8wekyb3d8bbwe!App\windows.fileTypeAssociation\.w = "App.AppX99naa8pv4a8nkjghzyt7drksgwxwbtsg.mca"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Extensions\windows.protocol\ms-wpdrmv\AppXsf0d8xs4xz53mhyq7wyajbmrskt080m7	svchost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
628	yxugwjud7779.exe
628	yxugwjud7779.exe
900	yxugwjud7779.exe
900	yxugwjud7779.exe
1660	yxugwjud7779.exe
1660	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
900	yxugwjud7779.exe
900	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1660	yxugwjud7779.exe
1660	yxugwjud7779.exe
900	yxugwjud7779.exe
900	yxugwjud7779.exe
628	yxugwjud7779.exe
628	yxugwjud7779.exe
1508	yxugwjud7779.exe
628	yxugwjud7779.exe
1508	yxugwjud7779.exe
628	yxugwjud7779.exe
628	yxugwjud7779.exe
628	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1660	yxugwjud7779.exe
1660	yxugwjud7779.exe
900	yxugwjud7779.exe
900	yxugwjud7779.exe
1508	yxugwjud7779.exe
1508	yxugwjud7779.exe
1660	yxugwjud7779.exe
1660	yxugwjud7779.exe
628	yxugwjud7779.exe
628	yxugwjud7779.exe
1660	yxugwjud7779.exe
1660	yxugwjud7779.exe
900	yxugwjud7779.exe
900	yxugwjud7779.exe
628	yxugwjud7779.exe
628	yxugwjud7779.exe
628	yxugwjud7779.exe
628	yxugwjud7779.exe
5004	yxugwjud7779.exe
5004	yxugwjud7779.exe
1660	yxugwjud7779.exe
1660	yxugwjud7779.exe
1660	yxugwjud7779.exe
1660	yxugwjud7779.exe
1660	yxugwjud7779.exe
1660	yxugwjud7779.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1200	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4368	eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe
Token: SeBackupPrivilege	4368	eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe
Token: SeRestorePrivilege	4368	eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe
Token: SeLockMemoryPrivilege	4368	eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe
Token: SeCreateGlobalPrivilege	4368	eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe
Token: SeDebugPrivilege	3412	yxugwjud7779.exe
Token: SeBackupPrivilege	3412	yxugwjud7779.exe
Token: SeRestorePrivilege	3412	yxugwjud7779.exe
Token: SeLockMemoryPrivilege	3412	yxugwjud7779.exe
Token: SeCreateGlobalPrivilege	3412	yxugwjud7779.exe
Token: SeDebugPrivilege	628	yxugwjud7779.exe
Token: SeBackupPrivilege	628	yxugwjud7779.exe
Token: SeRestorePrivilege	628	yxugwjud7779.exe
Token: SeLockMemoryPrivilege	628	yxugwjud7779.exe
Token: SeCreateGlobalPrivilege	628	yxugwjud7779.exe
Token: SeDebugPrivilege	1508	yxugwjud7779.exe
Token: SeBackupPrivilege	1508	yxugwjud7779.exe
Token: SeRestorePrivilege	1508	yxugwjud7779.exe
Token: SeLockMemoryPrivilege	1508	yxugwjud7779.exe
Token: SeCreateGlobalPrivilege	1508	yxugwjud7779.exe
Token: SeDebugPrivilege	1660	yxugwjud7779.exe
Token: SeBackupPrivilege	1660	yxugwjud7779.exe
Token: SeRestorePrivilege	1660	yxugwjud7779.exe
Token: SeLockMemoryPrivilege	1660	yxugwjud7779.exe
Token: SeCreateGlobalPrivilege	1660	yxugwjud7779.exe
Token: SeDebugPrivilege	900	yxugwjud7779.exe
Token: SeBackupPrivilege	900	yxugwjud7779.exe
Token: SeRestorePrivilege	900	yxugwjud7779.exe
Token: SeLockMemoryPrivilege	900	yxugwjud7779.exe
Token: SeCreateGlobalPrivilege	900	yxugwjud7779.exe
Token: SeDebugPrivilege	5004	yxugwjud7779.exe
Token: SeBackupPrivilege	5004	yxugwjud7779.exe
Token: SeRestorePrivilege	5004	yxugwjud7779.exe
Token: SeLockMemoryPrivilege	5004	yxugwjud7779.exe
Token: SeCreateGlobalPrivilege	5004	yxugwjud7779.exe
Token: SeDebugPrivilege	5064	yxugwjud7779.exe
Token: SeBackupPrivilege	5064	yxugwjud7779.exe
Token: SeRestorePrivilege	5064	yxugwjud7779.exe
Token: SeLockMemoryPrivilege	5064	yxugwjud7779.exe
Token: SeCreateGlobalPrivilege	5064	yxugwjud7779.exe
Token: SeShutdownPrivilege	4784	explorer.exe
Token: SeCreatePagefilePrivilege	4784	explorer.exe
Token: SeShutdownPrivilege	4784	explorer.exe
Token: SeCreatePagefilePrivilege	4784	explorer.exe
Token: SeShutdownPrivilege	4784	explorer.exe
Token: SeCreatePagefilePrivilege	4784	explorer.exe
Token: SeShutdownPrivilege	4784	explorer.exe
Token: SeCreatePagefilePrivilege	4784	explorer.exe
Token: SeShutdownPrivilege	4784	explorer.exe
Token: SeCreatePagefilePrivilege	4784	explorer.exe
Token: SeDebugPrivilege	4012	yxugwjud7779.exe
Token: SeBackupPrivilege	4012	yxugwjud7779.exe
Token: SeRestorePrivilege	4012	yxugwjud7779.exe
Token: SeLockMemoryPrivilege	4012	yxugwjud7779.exe
Token: SeCreateGlobalPrivilege	4012	yxugwjud7779.exe
Token: SeShutdownPrivilege	4784	explorer.exe
Token: SeCreatePagefilePrivilege	4784	explorer.exe
Token: SeDebugPrivilege	3240	yxugwjud7779.exe
Token: SeBackupPrivilege	3240	yxugwjud7779.exe
Token: SeRestorePrivilege	3240	yxugwjud7779.exe
Token: SeLockMemoryPrivilege	3240	yxugwjud7779.exe
Token: SeCreateGlobalPrivilege	3240	yxugwjud7779.exe
Token: SeDebugPrivilege	3568	yxugwjud7779.exe
Token: SeBackupPrivilege	3568	yxugwjud7779.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
4784	explorer.exe
4784	explorer.exe
4784	explorer.exe
4784	explorer.exe
4784	explorer.exe
4784	explorer.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
4784	explorer.exe
4784	explorer.exe
4784	explorer.exe
4784	explorer.exe
4784	explorer.exe
4784	explorer.exe
4784	explorer.exe
4784	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4368 wrote to memory of 1200	4368	eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe	79
PID 4368 wrote to memory of 1200	4368	eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe	79
PID 4368 wrote to memory of 3412	4368	eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe	81
PID 4368 wrote to memory of 3412	4368	eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe	81
PID 4368 wrote to memory of 3412	4368	eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe	81
PID 3412 wrote to memory of 628	3412	yxugwjud7779.exe	82
PID 3412 wrote to memory of 628	3412	yxugwjud7779.exe	82
PID 3412 wrote to memory of 628	3412	yxugwjud7779.exe	82
PID 3412 wrote to memory of 1508	3412	yxugwjud7779.exe	83
PID 3412 wrote to memory of 1508	3412	yxugwjud7779.exe	83
PID 3412 wrote to memory of 1508	3412	yxugwjud7779.exe	83
PID 3412 wrote to memory of 900	3412	yxugwjud7779.exe	84
PID 3412 wrote to memory of 900	3412	yxugwjud7779.exe	84
PID 3412 wrote to memory of 900	3412	yxugwjud7779.exe	84
PID 3412 wrote to memory of 1660	3412	yxugwjud7779.exe	85
PID 3412 wrote to memory of 1660	3412	yxugwjud7779.exe	85
PID 3412 wrote to memory of 1660	3412	yxugwjud7779.exe	85
PID 3412 wrote to memory of 5004	3412	yxugwjud7779.exe	87
PID 3412 wrote to memory of 5004	3412	yxugwjud7779.exe	87
PID 3412 wrote to memory of 5004	3412	yxugwjud7779.exe	87
PID 3412 wrote to memory of 5064	3412	yxugwjud7779.exe	88
PID 3412 wrote to memory of 5064	3412	yxugwjud7779.exe	88
PID 3412 wrote to memory of 5064	3412	yxugwjud7779.exe	88
PID 3412 wrote to memory of 4012	3412	yxugwjud7779.exe	95
PID 3412 wrote to memory of 4012	3412	yxugwjud7779.exe	95
PID 3412 wrote to memory of 4012	3412	yxugwjud7779.exe	95
PID 3412 wrote to memory of 3240	3412	yxugwjud7779.exe	97
PID 3412 wrote to memory of 3240	3412	yxugwjud7779.exe	97
PID 3412 wrote to memory of 3240	3412	yxugwjud7779.exe	97
PID 3412 wrote to memory of 3568	3412	yxugwjud7779.exe	98
PID 3412 wrote to memory of 3568	3412	yxugwjud7779.exe	98
PID 3412 wrote to memory of 3568	3412	yxugwjud7779.exe	98
PID 3412 wrote to memory of 4504	3412	yxugwjud7779.exe	99
PID 3412 wrote to memory of 4504	3412	yxugwjud7779.exe	99
PID 3412 wrote to memory of 4504	3412	yxugwjud7779.exe	99
PID 3412 wrote to memory of 3140	3412	yxugwjud7779.exe	100
PID 3412 wrote to memory of 3140	3412	yxugwjud7779.exe	100
PID 3412 wrote to memory of 3140	3412	yxugwjud7779.exe	100
PID 3412 wrote to memory of 1876	3412	yxugwjud7779.exe	101
PID 3412 wrote to memory of 1876	3412	yxugwjud7779.exe	101
PID 3412 wrote to memory of 1876	3412	yxugwjud7779.exe	101
PID 3412 wrote to memory of 2696	3412	yxugwjud7779.exe	103
PID 3412 wrote to memory of 2696	3412	yxugwjud7779.exe	103
PID 3412 wrote to memory of 2696	3412	yxugwjud7779.exe	103
PID 3412 wrote to memory of 3708	3412	yxugwjud7779.exe	104
PID 3412 wrote to memory of 3708	3412	yxugwjud7779.exe	104
PID 3412 wrote to memory of 3708	3412	yxugwjud7779.exe	104
PID 3412 wrote to memory of 384	3412	yxugwjud7779.exe	105
PID 3412 wrote to memory of 384	3412	yxugwjud7779.exe	105
PID 3412 wrote to memory of 384	3412	yxugwjud7779.exe	105
PID 3412 wrote to memory of 948	3412	yxugwjud7779.exe	106
PID 3412 wrote to memory of 948	3412	yxugwjud7779.exe	106
PID 3412 wrote to memory of 948	3412	yxugwjud7779.exe	106
PID 3412 wrote to memory of 792	3412	yxugwjud7779.exe	107
PID 3412 wrote to memory of 792	3412	yxugwjud7779.exe	107
PID 3412 wrote to memory of 792	3412	yxugwjud7779.exe	107
PID 3412 wrote to memory of 3012	3412	yxugwjud7779.exe	109
PID 3412 wrote to memory of 3012	3412	yxugwjud7779.exe	109
PID 3412 wrote to memory of 3012	3412	yxugwjud7779.exe	109
PID 3412 wrote to memory of 4264	3412	yxugwjud7779.exe	110
PID 3412 wrote to memory of 4264	3412	yxugwjud7779.exe	110
PID 3412 wrote to memory of 4264	3412	yxugwjud7779.exe	110
PID 3412 wrote to memory of 2608	3412	yxugwjud7779.exe	111
PID 3412 wrote to memory of 2608	3412	yxugwjud7779.exe	111

C:\Users\Admin\AppData\Local\Temp\eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe
"C:\Users\Admin\AppData\Local\Temp\eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c move /y C:\Users\Admin\AppData\Local\Temp\eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1200
- C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
  C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -m
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3412
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:628
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1508
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:900
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1660
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5004
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5064
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4012
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3240
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3568
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4504
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3140
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1876
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2696
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    - Modifies extensions of user files
    PID:384
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:948
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:792
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3012
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4264
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2608
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4180
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3668
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4752
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3744
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:388
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3884
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3992
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4184
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:5056
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4988
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3924
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4996
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:5008
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:60
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1056
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2188
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1544
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3908
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1380
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4520
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4144
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1796
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1964
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3836
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1472
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:5000
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3844
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3776
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3092
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3172
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3228
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1372
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4680
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3432
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:784
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3608
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:100
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3276
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1412
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4508
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4912
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4976
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2836
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4648
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1244
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3344
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3568
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2872
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3076
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1496
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4832
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3500
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1428
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3376
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1952
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3208
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3012
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:652
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4816
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2856
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2516
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4640
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2192
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2212
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4160
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4192
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2900
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4660
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4560
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4184
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3220
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4452
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3304
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4612
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4236
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1116
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3200
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4268
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:532
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2336
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1192
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3924
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1020
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1264
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1600
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1044
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2004
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4368
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1836
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2188
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1296
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2456
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4444
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2716
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3792
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4520
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2324
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3060
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1112
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1196
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3836
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3032
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1212
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4556
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4688
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4532
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4036
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3844
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3096
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3776
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2308
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3664
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3656
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3288
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3536
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2840
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1328
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4948
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4044
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:628
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3384
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1596
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:784
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4540
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:100
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2544
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2764
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4820
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4548
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4632
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2836
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:656
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4648
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:5004
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2160
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1944
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:744
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3356
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3808
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2464
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1496
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4028
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4832
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2748
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3864
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2136
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2936
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1428
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3376
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1976
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1432
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1616
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2660
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4516
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1776
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1764
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2776
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:5048
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3252
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3676
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4400
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1052
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4072
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3744
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3752
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4192
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2900
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:5040
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3460
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1916
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3884
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4668
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4460
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 708
      4⤵
      Program crash
      PID:3304
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1908
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4684
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4172
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1464
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2156
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4500
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3964
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:616
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1192
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4996
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:5008
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1492
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:60
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:624
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2444
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1532
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:992
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3612
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1308
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3908
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:976
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3792
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1864
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4812
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3060
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1112
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2232
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1048
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:5000
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3692
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3256
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:5060
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1236
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3488
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3540
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3280
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3348
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3764
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2648
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3160
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3092
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3468
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3272
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4032
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4892
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4212
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3428
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2176
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4020
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1656
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4076
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4332
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:100
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3276
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1000
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4100
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3620
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3820
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2764
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4632
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2836
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4724
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1244
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4916
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1416
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1292
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:940
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:684
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:520
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:536
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4128
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2748
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1508
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4028
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3864
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2136
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1344
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:4860
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3472
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1152
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud7779.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2516

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 464 -p 700 -ip 700
1⤵
PID:4532

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 700 -s 5208
1⤵
- Program crash
PID:1548

C:\Windows\explorer.exe
explorer.exe
1⤵
- Modifies Installed Components in the registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4784
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4784 -s 2252
  2⤵
  - Program crash
  PID:1596

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 480 -p 4784 -ip 4784
1⤵
PID:2540

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 396 -p 4460 -ip 4460
1⤵
PID:2756

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db.locked

Filesize
623KB

MD5
7eb73176a15b04fd1b7cb6b1e2bdbe34

SHA1
6a3224da0033c916896d397e2ab5e0e7c92f5521

SHA256
6ebdfacb543e920ce30dd877c0ec5d6d0e0d7aa7141141a80ccead14a1065887

SHA512
5cfdbbc9cabee378160de1710aea6f09ba3c2397e089b9c70cfdafc11f70f49a249b805db65e6626f7dc5f135e7f406382b32db3f96c32f1172caf2526bee8fe

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit
C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit