lockergoga | eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0

Analysis

max time kernel
39s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/03/2024, 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

230108-mnsp1add24.exe
Size

1.2MB
MD5

16bcc3b7f32c41e7c7222bf37fe39fe6
SHA1

a25bc5442c86bdeb0dec6583f0e80e241745fb73
SHA256

eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0
SHA512

f3e7087f569b3bcc201c006c5dfcea6cf560cad480bc03e6f17790190bc35bf6659e91a9f91219952bd139a3c9afde961032ee1d0861158409206feaa6540f9e
SSDEEP

24576:uj/6CtkHRos9l+zan4Q6eQqF5ZgQibE2zkMiJHic9OuTw258tox6T9G0SKoRl:A/NtkHRos9l+zan4QTB/2zkPtBq2itoP

Score

10^/10

lockergoga banker ransomware trojan

Malware Config

Extracted

Path

C:\Users\Public\Desktop\README_LOCKED.txt

Ransom Note

Greetings! There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all of your data by mistake or for fun. Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore the data. Attempts to restore your data with third party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data. To confirm our honest intentions. Send us 2-3 different random files and you will get them decrypted. It can be from different computers on your network to be sure that our decoder decrypts everything. Sample files we unlock for free (files should not be related to any kind of backups). We exclusively have decryption software for your situation DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME the encrypted files. DO NOT MOVE the encrypted files. This may lead to the impossibility of recovery of the certain files. The payment has to be made in Bitcoins. The final price depends on how fast you contact us. As soon as we receive the payment you will get the decryption tool and instructions on how to improve your systems security To get information on the price of the decoder contact us at: [email protected] [email protected]

Emails

[email protected]

Signatures

LockerGoga
LockerGoga is a ransomware that is primarily used in targeted, disruptive attacks.
trojan banker lockergoga
Renames multiple (498) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.xml	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-api.xml	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.properties	yxugwjud8224.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf	yxugwjud8224.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml	yxugwjud8224.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg	yxugwjud8224.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2648	yxugwjud8224.exe
2648	yxugwjud8224.exe
2600	yxugwjud8224.exe
2600	yxugwjud8224.exe
2544	yxugwjud8224.exe
2544	yxugwjud8224.exe
2680	yxugwjud8224.exe
2680	yxugwjud8224.exe
2924	yxugwjud8224.exe
2924	yxugwjud8224.exe
2592	yxugwjud8224.exe
2592	yxugwjud8224.exe
2672	yxugwjud8224.exe
2672	yxugwjud8224.exe
2652	yxugwjud8224.exe
2652	yxugwjud8224.exe
2560	yxugwjud8224.exe
2560	yxugwjud8224.exe
2656	yxugwjud8224.exe
2656	yxugwjud8224.exe
2656	yxugwjud8224.exe
2656	yxugwjud8224.exe
2560	yxugwjud8224.exe
2560	yxugwjud8224.exe
2592	yxugwjud8224.exe
2592	yxugwjud8224.exe
2924	yxugwjud8224.exe
2924	yxugwjud8224.exe
2656	yxugwjud8224.exe
2656	yxugwjud8224.exe
2672	yxugwjud8224.exe
2672	yxugwjud8224.exe
2652	yxugwjud8224.exe
2652	yxugwjud8224.exe
2592	yxugwjud8224.exe
2592	yxugwjud8224.exe
2600	yxugwjud8224.exe
2600	yxugwjud8224.exe
2592	yxugwjud8224.exe
2592	yxugwjud8224.exe
2924	yxugwjud8224.exe
2924	yxugwjud8224.exe
2600	yxugwjud8224.exe
2600	yxugwjud8224.exe
2652	yxugwjud8224.exe
2652	yxugwjud8224.exe
2560	yxugwjud8224.exe
2560	yxugwjud8224.exe
2600	yxugwjud8224.exe
2600	yxugwjud8224.exe
2560	yxugwjud8224.exe
2560	yxugwjud8224.exe
2924	yxugwjud8224.exe
2924	yxugwjud8224.exe
2592	yxugwjud8224.exe
2592	yxugwjud8224.exe
2652	yxugwjud8224.exe
2652	yxugwjud8224.exe
2656	yxugwjud8224.exe
2656	yxugwjud8224.exe
2652	yxugwjud8224.exe
2652	yxugwjud8224.exe
2924	yxugwjud8224.exe
2924	yxugwjud8224.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2900	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1444	230108-mnsp1add24.exe
Token: SeBackupPrivilege	1444	230108-mnsp1add24.exe
Token: SeRestorePrivilege	1444	230108-mnsp1add24.exe
Token: SeLockMemoryPrivilege	1444	230108-mnsp1add24.exe
Token: SeCreateGlobalPrivilege	1444	230108-mnsp1add24.exe
Token: SeDebugPrivilege	1552	yxugwjud8224.exe
Token: SeBackupPrivilege	1552	yxugwjud8224.exe
Token: SeRestorePrivilege	1552	yxugwjud8224.exe
Token: SeLockMemoryPrivilege	1552	yxugwjud8224.exe
Token: SeCreateGlobalPrivilege	1552	yxugwjud8224.exe
Token: SeDebugPrivilege	2592	yxugwjud8224.exe
Token: SeDebugPrivilege	2652	yxugwjud8224.exe
Token: SeBackupPrivilege	2592	yxugwjud8224.exe
Token: SeBackupPrivilege	2652	yxugwjud8224.exe
Token: SeDebugPrivilege	2544	yxugwjud8224.exe
Token: SeDebugPrivilege	2600	yxugwjud8224.exe
Token: SeDebugPrivilege	2656	yxugwjud8224.exe
Token: SeDebugPrivilege	2680	yxugwjud8224.exe
Token: SeDebugPrivilege	2648	yxugwjud8224.exe
Token: SeRestorePrivilege	2592	yxugwjud8224.exe
Token: SeRestorePrivilege	2652	yxugwjud8224.exe
Token: SeBackupPrivilege	2544	yxugwjud8224.exe
Token: SeBackupPrivilege	2600	yxugwjud8224.exe
Token: SeDebugPrivilege	2672	yxugwjud8224.exe
Token: SeDebugPrivilege	2924	yxugwjud8224.exe
Token: SeBackupPrivilege	2656	yxugwjud8224.exe
Token: SeBackupPrivilege	2680	yxugwjud8224.exe
Token: SeBackupPrivilege	2648	yxugwjud8224.exe
Token: SeLockMemoryPrivilege	2592	yxugwjud8224.exe
Token: SeRestorePrivilege	2544	yxugwjud8224.exe
Token: SeLockMemoryPrivilege	2652	yxugwjud8224.exe
Token: SeRestorePrivilege	2600	yxugwjud8224.exe
Token: SeRestorePrivilege	2656	yxugwjud8224.exe
Token: SeRestorePrivilege	2680	yxugwjud8224.exe
Token: SeRestorePrivilege	2648	yxugwjud8224.exe
Token: SeBackupPrivilege	2672	yxugwjud8224.exe
Token: SeBackupPrivilege	2924	yxugwjud8224.exe
Token: SeCreateGlobalPrivilege	2592	yxugwjud8224.exe
Token: SeLockMemoryPrivilege	2544	yxugwjud8224.exe
Token: SeLockMemoryPrivilege	2600	yxugwjud8224.exe
Token: SeCreateGlobalPrivilege	2652	yxugwjud8224.exe
Token: SeLockMemoryPrivilege	2656	yxugwjud8224.exe
Token: SeLockMemoryPrivilege	2680	yxugwjud8224.exe
Token: SeRestorePrivilege	2672	yxugwjud8224.exe
Token: SeRestorePrivilege	2924	yxugwjud8224.exe
Token: SeLockMemoryPrivilege	2672	yxugwjud8224.exe
Token: SeLockMemoryPrivilege	2648	yxugwjud8224.exe
Token: SeCreateGlobalPrivilege	2672	yxugwjud8224.exe
Token: SeCreateGlobalPrivilege	2544	yxugwjud8224.exe
Token: SeLockMemoryPrivilege	2924	yxugwjud8224.exe
Token: SeCreateGlobalPrivilege	2600	yxugwjud8224.exe
Token: SeCreateGlobalPrivilege	2656	yxugwjud8224.exe
Token: SeCreateGlobalPrivilege	2680	yxugwjud8224.exe
Token: SeCreateGlobalPrivilege	2648	yxugwjud8224.exe
Token: SeCreateGlobalPrivilege	2924	yxugwjud8224.exe
Token: SeDebugPrivilege	2560	yxugwjud8224.exe
Token: SeBackupPrivilege	2560	yxugwjud8224.exe
Token: SeRestorePrivilege	2560	yxugwjud8224.exe
Token: SeLockMemoryPrivilege	2560	yxugwjud8224.exe
Token: SeCreateGlobalPrivilege	2560	yxugwjud8224.exe
Token: SeDebugPrivilege	528	yxugwjud8224.exe
Token: SeBackupPrivilege	528	yxugwjud8224.exe
Token: SeRestorePrivilege	528	yxugwjud8224.exe
Token: SeLockMemoryPrivilege	528	yxugwjud8224.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 2900	1444	230108-mnsp1add24.exe	28
PID 1444 wrote to memory of 2900	1444	230108-mnsp1add24.exe	28
PID 1444 wrote to memory of 2900	1444	230108-mnsp1add24.exe	28
PID 1444 wrote to memory of 2900	1444	230108-mnsp1add24.exe	28
PID 1444 wrote to memory of 1552	1444	230108-mnsp1add24.exe	30
PID 1444 wrote to memory of 1552	1444	230108-mnsp1add24.exe	30
PID 1444 wrote to memory of 1552	1444	230108-mnsp1add24.exe	30
PID 1444 wrote to memory of 1552	1444	230108-mnsp1add24.exe	30
PID 1552 wrote to memory of 2544	1552	yxugwjud8224.exe	31
PID 1552 wrote to memory of 2544	1552	yxugwjud8224.exe	31
PID 1552 wrote to memory of 2544	1552	yxugwjud8224.exe	31
PID 1552 wrote to memory of 2544	1552	yxugwjud8224.exe	31
PID 1552 wrote to memory of 2592	1552	yxugwjud8224.exe	32
PID 1552 wrote to memory of 2592	1552	yxugwjud8224.exe	32
PID 1552 wrote to memory of 2592	1552	yxugwjud8224.exe	32
PID 1552 wrote to memory of 2592	1552	yxugwjud8224.exe	32
PID 1552 wrote to memory of 2600	1552	yxugwjud8224.exe	33
PID 1552 wrote to memory of 2600	1552	yxugwjud8224.exe	33
PID 1552 wrote to memory of 2600	1552	yxugwjud8224.exe	33
PID 1552 wrote to memory of 2600	1552	yxugwjud8224.exe	33
PID 1552 wrote to memory of 2652	1552	yxugwjud8224.exe	34
PID 1552 wrote to memory of 2652	1552	yxugwjud8224.exe	34
PID 1552 wrote to memory of 2652	1552	yxugwjud8224.exe	34
PID 1552 wrote to memory of 2652	1552	yxugwjud8224.exe	34
PID 1552 wrote to memory of 2656	1552	yxugwjud8224.exe	35
PID 1552 wrote to memory of 2656	1552	yxugwjud8224.exe	35
PID 1552 wrote to memory of 2656	1552	yxugwjud8224.exe	35
PID 1552 wrote to memory of 2656	1552	yxugwjud8224.exe	35
PID 1552 wrote to memory of 2672	1552	yxugwjud8224.exe	36
PID 1552 wrote to memory of 2672	1552	yxugwjud8224.exe	36
PID 1552 wrote to memory of 2672	1552	yxugwjud8224.exe	36
PID 1552 wrote to memory of 2672	1552	yxugwjud8224.exe	36
PID 1552 wrote to memory of 2680	1552	yxugwjud8224.exe	37
PID 1552 wrote to memory of 2680	1552	yxugwjud8224.exe	37
PID 1552 wrote to memory of 2680	1552	yxugwjud8224.exe	37
PID 1552 wrote to memory of 2680	1552	yxugwjud8224.exe	37
PID 1552 wrote to memory of 2924	1552	yxugwjud8224.exe	38
PID 1552 wrote to memory of 2924	1552	yxugwjud8224.exe	38
PID 1552 wrote to memory of 2924	1552	yxugwjud8224.exe	38
PID 1552 wrote to memory of 2924	1552	yxugwjud8224.exe	38
PID 1552 wrote to memory of 2648	1552	yxugwjud8224.exe	39
PID 1552 wrote to memory of 2648	1552	yxugwjud8224.exe	39
PID 1552 wrote to memory of 2648	1552	yxugwjud8224.exe	39
PID 1552 wrote to memory of 2648	1552	yxugwjud8224.exe	39
PID 1552 wrote to memory of 2560	1552	yxugwjud8224.exe	40
PID 1552 wrote to memory of 2560	1552	yxugwjud8224.exe	40
PID 1552 wrote to memory of 2560	1552	yxugwjud8224.exe	40
PID 1552 wrote to memory of 2560	1552	yxugwjud8224.exe	40
PID 1552 wrote to memory of 528	1552	yxugwjud8224.exe	42
PID 1552 wrote to memory of 528	1552	yxugwjud8224.exe	42
PID 1552 wrote to memory of 528	1552	yxugwjud8224.exe	42
PID 1552 wrote to memory of 528	1552	yxugwjud8224.exe	42
PID 1552 wrote to memory of 2848	1552	yxugwjud8224.exe	43
PID 1552 wrote to memory of 2848	1552	yxugwjud8224.exe	43
PID 1552 wrote to memory of 2848	1552	yxugwjud8224.exe	43
PID 1552 wrote to memory of 2848	1552	yxugwjud8224.exe	43
PID 1552 wrote to memory of 760	1552	yxugwjud8224.exe	45
PID 1552 wrote to memory of 760	1552	yxugwjud8224.exe	45
PID 1552 wrote to memory of 760	1552	yxugwjud8224.exe	45
PID 1552 wrote to memory of 760	1552	yxugwjud8224.exe	45
PID 1552 wrote to memory of 952	1552	yxugwjud8224.exe	46
PID 1552 wrote to memory of 952	1552	yxugwjud8224.exe	46
PID 1552 wrote to memory of 952	1552	yxugwjud8224.exe	46
PID 1552 wrote to memory of 952	1552	yxugwjud8224.exe	46

C:\Users\Admin\AppData\Local\Temp\230108-mnsp1add24.exe
"C:\Users\Admin\AppData\Local\Temp\230108-mnsp1add24.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c move /y C:\Users\Admin\AppData\Local\Temp\230108-mnsp1add24.exe C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2900
- C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
  C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -m
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1552
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2544
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2592
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2600
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2652
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2656
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2672
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2680
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2924
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2648
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2560
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    - Suspicious use of AdjustPrivilegeToken
    PID:528
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:2848
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:760
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:952
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1188
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:836
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:2132
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1148
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1052
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1548
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1836
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1332
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1072
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:2324
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:700
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1704
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1648
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:2864
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:2448
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1908
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1904
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:2804
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1912
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:2696
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1684
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1640
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:2340
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1316
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1712
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:844
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1708
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1604
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:372
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:984
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1020
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2900
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    - Drops file in Program Files directory
    PID:1584
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2420
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:568
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2992
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1288
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:956
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2820
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2436
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1180
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2660
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1968
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1596
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:556
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1972
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2884
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:400
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1960
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1128
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1804
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2972
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2696
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2344
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3028
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2472
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2684
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1840
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:544
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3012
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2432
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3032
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1416
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2072
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1756
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2596
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2452
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1972
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2012
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2328
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2220
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2324
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1484
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:372
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1892
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2396
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1656
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1460
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:240
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2052
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2928
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1916
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1248
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1736
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2268
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:964
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:400
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2956
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1728
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2132
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2528
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1848
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3044
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1064
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1840
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2316
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2176
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1120
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2924
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3016
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2576
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2672
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2584
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2936
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2904
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2604
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1660
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2372
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2292
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2808
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2640
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2348
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2512
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2128
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2828
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2700
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:948
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1100
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:572
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1068
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2772
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1212
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2544
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1696
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2500
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3044
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3040
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1664
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2044
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1464
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2960
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2452
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2568
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1184
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2652
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1116
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:944
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2472
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:784
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1548
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1444
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1792
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1072
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2808
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2392
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2716
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1968
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1068
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3060
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2924
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1892
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2040
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2108
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2432
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2604
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1740
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1088
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1128
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2660
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3020
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1052
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:372
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2272
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2388
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2900
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1288
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1208
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1604
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1736
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1204
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2884
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2244
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2132
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2736
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1768
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1640
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:488
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2564
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2380
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1944
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1560
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2432
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1580
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2108
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2492
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1128
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2984
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1752
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2596
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2912
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1848
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2676
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1492
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1700
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2004
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1764
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1748
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2992
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2504
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1616
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2976
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1404
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1320
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2124
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3032
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2088
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:676
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1768
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2024
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1904
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:556
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:488
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2556
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:3060
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:2288
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:460
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:572
- - C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe
    C:\Users\Admin\AppData\Local\Temp\yxugwjud8224.exe -i Global\SM-yxugwjud -s
    3⤵
    PID:1180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Desktop\README_LOCKED.txt

Filesize
1KB

MD5
bf41f65f8a5b7c27752368238ea18595

SHA1
4bbe26657dbfc8d5e57d2dbcf3d7f987094a8dbb

SHA256
544779e2ee93f79d33708e37f1b07817d5427f70895ce9c440125f2631acdf53

SHA512
3864ff7d0cd5e9f3c8425da83970d0e27b9e97c6d32b6159b6330367f1fa0daca2d1b2d169f417563827440020c99e983d6166b3aec845720140fc4ac3674335

Download Submit