ce0696e54c1b59a2ef8880591d19b25196830bb4e834a390d70dc8e409d7b859

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2023, 11:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

15420815029c72b6298dec40fb126ab4_JC.exe
Size

341KB
MD5

15420815029c72b6298dec40fb126ab4
SHA1

1305fe6482cc1f1b644d1f76614a64cb3de474f3
SHA256

ce0696e54c1b59a2ef8880591d19b25196830bb4e834a390d70dc8e409d7b859
SHA512

8b338c4f520152010da4ce9947a3e9529cc66808113c188d0c7f84fe3f38f46cea187460166e63c9e3e3d6d53037526a7463fd3ffbe8bd18d8cd7b4b0b8ad3c1
SSDEEP

6144:tY7thKSZI4zLVSVp6q1RGHxM8ggq5h7J51OGTPc:OjKSZhnVepH18HxMeq5RJ51OGT0

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wpgtno.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wxeghcf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wvvx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wvvk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wgvsjds.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wxhtyayum.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wrgjsl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wdnbhb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wlflx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wpidui.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wwswxm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wipif.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wtqep.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wwim.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	woejvgg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	waerttx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wlqxxm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wbrjlrpbu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wytoh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wsrkl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wasdpc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wlwnaq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wjmh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	whm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wiakwcou.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	whcdevt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wgfulo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wlrbycq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wkukfdf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	winbcyg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wrndm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wucgvfv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wxoysg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wodnfywh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wsixjnkg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wkstqb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wksvk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wypyuwj.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wpyhayo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wgsjbty.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wuxtplxyf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wqajyxl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	15420815029c72b6298dec40fb126ab4_JC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	woqdu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wrxgtyr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wxgstt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wldeeu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wdbgonec.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wohmkn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wruonenx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wftex.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	whcrrc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wacbhyq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wnmelqn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	whkxjref.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wism.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wdfdxau.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wuahvvwq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wtkxmy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wbwje.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	weuqhq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wevdibxne.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	waiyqr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation	wewsok.exe

Executes dropped EXE 64 IoCs

pid	Process
2036	wqouj.exe
2724	wlwnaq.exe
1548	wpyhayo.exe
4372	wodnfywh.exe
3804	wldeeu.exe
2236	wtkxmy.exe
4416	wseh.exe
464	wbwje.exe
1384	wdbgonec.exe
4420	wjmh.exe
3508	wuuxu.exe
1864	wgfulo.exe
4460	waerttx.exe
2120	whm.exe
1852	wwswxm.exe
2200	wodenx.exe
3596	wnmelqn.exe
4716	wlqxxm.exe
4532	wuapfp.exe
4456	wxeghcf.exe
3784	wohmkn.exe
4144	wmuscls.exe
4736	wcxafx.exe
644	wbrjlrpbu.exe
4616	wruonenx.exe
2460	whrrdu.exe
4140	wajmxct.exe
1588	weuqhq.exe
1312	wftex.exe
3384	wevdibxne.exe
1592	wipif.exe
4480	wknwucewh.exe
2072	wdnrodh.exe
2904	wvvx.exe
4304	wvvk.exe
1056	woqdu.exe
3996	wwfyfsbw.exe
4556	wsixjnkg.exe
4984	wgvsjds.exe
3616	wcoghx.exe
2684	wiakwcou.exe
2200	wkyvylyp.exe
2928	wewsok.exe
1316	wytoh.exe
2512	wkstqb.exe
3716	wgsjbty.exe
1988	wrtlknt.exe
4072	wksvk.exe
3140	wigc.exe
3216	whkxjref.exe
3508	wypyuwj.exe
3580	wrxgtyr.exe
848	wtqep.exe
1104	wocraf.exe
432	wism.exe
3224	wbkeik.exe
488	wtox.exe
2712	wwim.exe
4924	wqbgucxrq.exe
3580	wnkuu.exe
1448	wlrbycq.exe
1444	wrgjsl.exe
1876	wwj.exe
2432	wdnbhb.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\weuqhq.exe	wajmxct.exe
File created	C:\Windows\SysWOW64\wevdibxne.exe	wftex.exe
File opened for modification	C:\Windows\SysWOW64\wevdibxne.exe	wftex.exe
File opened for modification	C:\Windows\SysWOW64\wcoghx.exe	wgvsjds.exe
File opened for modification	C:\Windows\SysWOW64\wiakwcou.exe	wcoghx.exe
File opened for modification	C:\Windows\SysWOW64\wqbgucxrq.exe	wwim.exe
File created	C:\Windows\SysWOW64\wbrjlrpbu.exe	wcxafx.exe
File created	C:\Windows\SysWOW64\wruonenx.exe	wbrjlrpbu.exe
File created	C:\Windows\SysWOW64\wqajyxl.exe	wgrtu.exe
File opened for modification	C:\Windows\SysWOW64\wlflx.exe	wucgvfv.exe
File created	C:\Windows\SysWOW64\wlrbycq.exe	wnkuu.exe
File created	C:\Windows\SysWOW64\waiyqr.exe	wkukfdf.exe
File opened for modification	C:\Windows\SysWOW64\wsrkl.exe	whcrrc.exe
File created	C:\Windows\SysWOW64\wucgvfv.exe	wasdpc.exe
File created	C:\Windows\SysWOW64\wodnfywh.exe	wpyhayo.exe
File opened for modification	C:\Windows\SysWOW64\wmuscls.exe	wohmkn.exe
File created	C:\Windows\SysWOW64\wewsok.exe	wkyvylyp.exe
File created	C:\Windows\SysWOW64\wrgjsl.exe	wlrbycq.exe
File created	C:\Windows\SysWOW64\wuxtplxyf.exe	wdnbhb.exe
File created	C:\Windows\SysWOW64\wtgnfige.exe	wltnf.exe
File opened for modification	C:\Windows\SysWOW64\wwswxm.exe	whm.exe
File opened for modification	C:\Windows\SysWOW64\wuapfp.exe	wlqxxm.exe
File opened for modification	C:\Windows\SysWOW64\wigc.exe	wksvk.exe
File created	C:\Windows\SysWOW64\wpgtno.exe	wxoysg.exe
File created	C:\Windows\SysWOW64\wwim.exe	wtox.exe
File created	C:\Windows\SysWOW64\wgrtu.exe	wxgstt.exe
File created	C:\Windows\SysWOW64\wmuscls.exe	wohmkn.exe
File created	C:\Windows\SysWOW64\whkxjref.exe	wigc.exe
File created	C:\Windows\SysWOW64\woqdu.exe	wvvk.exe
File opened for modification	C:\Windows\SysWOW64\wdfdxau.exe	whcdevt.exe
File opened for modification	C:\Windows\SysWOW64\wohmkn.exe	wxeghcf.exe
File opened for modification	C:\Windows\SysWOW64\wcxafx.exe	wmuscls.exe
File opened for modification	C:\Windows\SysWOW64\wxeghcf.exe	wuapfp.exe
File created	C:\Windows\SysWOW64\wcxafx.exe	wmuscls.exe
File created	C:\Windows\SysWOW64\wksvk.exe	wrtlknt.exe
File created	C:\Windows\SysWOW64\wrxgtyr.exe	wypyuwj.exe
File created	C:\Windows\SysWOW64\wnkuu.exe	wqbgucxrq.exe
File created	C:\Windows\SysWOW64\wxhtyayum.exe	wdfdxau.exe
File opened for modification	C:\Windows\SysWOW64\wuuxu.exe	wjmh.exe
File created	C:\Windows\SysWOW64\wxeghcf.exe	wuapfp.exe
File created	C:\Windows\SysWOW64\wipif.exe	wevdibxne.exe
File created	C:\Windows\SysWOW64\wtox.exe	wbkeik.exe
File opened for modification	C:\Windows\SysWOW64\wwim.exe	wtox.exe
File opened for modification	C:\Windows\SysWOW64\wnkuu.exe	wqbgucxrq.exe
File opened for modification	C:\Windows\SysWOW64\wrndm.exe	wxhtyayum.exe
File created	C:\Windows\SysWOW64\wltnf.exe	wsrkl.exe
File opened for modification	C:\Windows\SysWOW64\wseh.exe	wtkxmy.exe
File opened for modification	C:\Windows\SysWOW64\weuqhq.exe	wajmxct.exe
File created	C:\Windows\SysWOW64\wdnbhb.exe	wwj.exe
File opened for modification	C:\Windows\SysWOW64\wqajyxl.exe	wgrtu.exe
File created	C:\Windows\SysWOW64\whcdevt.exe	waiyqr.exe
File created	C:\Windows\SysWOW64\wsrkl.exe	whcrrc.exe
File opened for modification	C:\Windows\SysWOW64\wbwje.exe	wseh.exe
File opened for modification	C:\Windows\SysWOW64\wrxgtyr.exe	wypyuwj.exe
File opened for modification	C:\Windows\SysWOW64\wbrjlrpbu.exe	wcxafx.exe
File created	C:\Windows\SysWOW64\wqbgucxrq.exe	wwim.exe
File opened for modification	C:\Windows\SysWOW64\waiyqr.exe	wkukfdf.exe
File opened for modification	C:\Windows\SysWOW64\weoqrw.exe	wpidui.exe
File created	C:\Windows\SysWOW64\wfmitqqgd.exe	wwtghmkc.exe
File created	C:\Windows\SysWOW64\wtkxmy.exe	wldeeu.exe
File created	C:\Windows\SysWOW64\wgfulo.exe	wuuxu.exe
File created	C:\Windows\SysWOW64\wkukfdf.exe	wqajyxl.exe
File opened for modification	C:\Windows\SysWOW64\wtox.exe	wbkeik.exe
File created	C:\Windows\SysWOW64\woejvgg.exe	winbcyg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 11 IoCs

pid	pid_target	Process	procid_target
680	2036	WerFault.exe	86
4228	644	WerFault.exe	169
4224	644	WerFault.exe	169
4060	4072	WerFault.exe	247
1108	1104	WerFault.exe	267
2264	1104	WerFault.exe	267
4460	2712	WerFault.exe	285
3324	2432	WerFault.exe	310
3288	3864	WerFault.exe	363
4496	3864	WerFault.exe	363
4916	1856	WerFault.exe	376

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2036	1620	15420815029c72b6298dec40fb126ab4_JC.exe	86
PID 1620 wrote to memory of 2036	1620	15420815029c72b6298dec40fb126ab4_JC.exe	86
PID 1620 wrote to memory of 2036	1620	15420815029c72b6298dec40fb126ab4_JC.exe	86
PID 1620 wrote to memory of 4112	1620	15420815029c72b6298dec40fb126ab4_JC.exe	88
PID 1620 wrote to memory of 4112	1620	15420815029c72b6298dec40fb126ab4_JC.exe	88
PID 1620 wrote to memory of 4112	1620	15420815029c72b6298dec40fb126ab4_JC.exe	88
PID 2036 wrote to memory of 2724	2036	wqouj.exe	94
PID 2036 wrote to memory of 2724	2036	wqouj.exe	94
PID 2036 wrote to memory of 2724	2036	wqouj.exe	94
PID 2036 wrote to memory of 3324	2036	wqouj.exe	95
PID 2036 wrote to memory of 3324	2036	wqouj.exe	95
PID 2036 wrote to memory of 3324	2036	wqouj.exe	95
PID 2724 wrote to memory of 1548	2724	wlwnaq.exe	102
PID 2724 wrote to memory of 1548	2724	wlwnaq.exe	102
PID 2724 wrote to memory of 1548	2724	wlwnaq.exe	102
PID 2724 wrote to memory of 4032	2724	wlwnaq.exe	103
PID 2724 wrote to memory of 4032	2724	wlwnaq.exe	103
PID 2724 wrote to memory of 4032	2724	wlwnaq.exe	103
PID 1548 wrote to memory of 4372	1548	wpyhayo.exe	105
PID 1548 wrote to memory of 4372	1548	wpyhayo.exe	105
PID 1548 wrote to memory of 4372	1548	wpyhayo.exe	105
PID 1548 wrote to memory of 3812	1548	wpyhayo.exe	106
PID 1548 wrote to memory of 3812	1548	wpyhayo.exe	106
PID 1548 wrote to memory of 3812	1548	wpyhayo.exe	106
PID 4372 wrote to memory of 3804	4372	wodnfywh.exe	108
PID 4372 wrote to memory of 3804	4372	wodnfywh.exe	108
PID 4372 wrote to memory of 3804	4372	wodnfywh.exe	108
PID 4372 wrote to memory of 2804	4372	wodnfywh.exe	109
PID 4372 wrote to memory of 2804	4372	wodnfywh.exe	109
PID 4372 wrote to memory of 2804	4372	wodnfywh.exe	109
PID 3804 wrote to memory of 2236	3804	wldeeu.exe	112
PID 3804 wrote to memory of 2236	3804	wldeeu.exe	112
PID 3804 wrote to memory of 2236	3804	wldeeu.exe	112
PID 3804 wrote to memory of 4732	3804	wldeeu.exe	113
PID 3804 wrote to memory of 4732	3804	wldeeu.exe	113
PID 3804 wrote to memory of 4732	3804	wldeeu.exe	113
PID 2236 wrote to memory of 4416	2236	wtkxmy.exe	115
PID 2236 wrote to memory of 4416	2236	wtkxmy.exe	115
PID 2236 wrote to memory of 4416	2236	wtkxmy.exe	115
PID 2236 wrote to memory of 3892	2236	wtkxmy.exe	117
PID 2236 wrote to memory of 3892	2236	wtkxmy.exe	117
PID 2236 wrote to memory of 3892	2236	wtkxmy.exe	117
PID 4416 wrote to memory of 464	4416	wseh.exe	120
PID 4416 wrote to memory of 464	4416	wseh.exe	120
PID 4416 wrote to memory of 464	4416	wseh.exe	120
PID 4416 wrote to memory of 5060	4416	wseh.exe	122
PID 4416 wrote to memory of 5060	4416	wseh.exe	122
PID 4416 wrote to memory of 5060	4416	wseh.exe	122
PID 464 wrote to memory of 1384	464	wbwje.exe	123
PID 464 wrote to memory of 1384	464	wbwje.exe	123
PID 464 wrote to memory of 1384	464	wbwje.exe	123
PID 464 wrote to memory of 680	464	wbwje.exe	124
PID 464 wrote to memory of 680	464	wbwje.exe	124
PID 464 wrote to memory of 680	464	wbwje.exe	124
PID 1384 wrote to memory of 4420	1384	wdbgonec.exe	126
PID 1384 wrote to memory of 4420	1384	wdbgonec.exe	126
PID 1384 wrote to memory of 4420	1384	wdbgonec.exe	126
PID 1384 wrote to memory of 1492	1384	wdbgonec.exe	127
PID 1384 wrote to memory of 1492	1384	wdbgonec.exe	127
PID 1384 wrote to memory of 1492	1384	wdbgonec.exe	127
PID 4420 wrote to memory of 3508	4420	wjmh.exe	129
PID 4420 wrote to memory of 3508	4420	wjmh.exe	129
PID 4420 wrote to memory of 3508	4420	wjmh.exe	129
PID 4420 wrote to memory of 3612	4420	wjmh.exe	130

C:\Users\Admin\AppData\Local\Temp\15420815029c72b6298dec40fb126ab4_JC.exe
"C:\Users\Admin\AppData\Local\Temp\15420815029c72b6298dec40fb126ab4_JC.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\SysWOW64\wqouj.exe
  "C:\Windows\system32\wqouj.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Windows\SysWOW64\wlwnaq.exe
    "C:\Windows\system32\wlwnaq.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Windows\SysWOW64\wpyhayo.exe
      "C:\Windows\system32\wpyhayo.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1548
    - - C:\Windows\SysWOW64\wodnfywh.exe
        
        "C:\Windows\system32\wodnfywh.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4372
      - C:\Windows\SysWOW64\wldeeu.exe
        
        "C:\Windows\system32\wldeeu.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3804
        
        C:\Windows\SysWOW64\wtkxmy.exe
        
        "C:\Windows\system32\wtkxmy.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2236
        
        C:\Windows\SysWOW64\wseh.exe
        
        "C:\Windows\system32\wseh.exe"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4416
        
        C:\Windows\SysWOW64\wbwje.exe
        
        "C:\Windows\system32\wbwje.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:464
        
        C:\Windows\SysWOW64\wdbgonec.exe
        
        "C:\Windows\system32\wdbgonec.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1384
        
        C:\Windows\SysWOW64\wjmh.exe
        
        "C:\Windows\system32\wjmh.exe"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4420
        
        C:\Windows\SysWOW64\wuuxu.exe
        
        "C:\Windows\system32\wuuxu.exe"
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3508
        
        C:\Windows\SysWOW64\wgfulo.exe
        
        "C:\Windows\system32\wgfulo.exe"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1864
        
        C:\Windows\SysWOW64\waerttx.exe
        
        "C:\Windows\system32\waerttx.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4460
        
        C:\Windows\SysWOW64\whm.exe
        
        "C:\Windows\system32\whm.exe"
        15⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2120
        
        C:\Windows\SysWOW64\wwswxm.exe
        
        "C:\Windows\system32\wwswxm.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1852
        
        C:\Windows\SysWOW64\wodenx.exe
        
        "C:\Windows\system32\wodenx.exe"
        17⤵
        Executes dropped EXE
        
        PID:2200
        
        C:\Windows\SysWOW64\wnmelqn.exe
        
        "C:\Windows\system32\wnmelqn.exe"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3596
        
        C:\Windows\SysWOW64\wlqxxm.exe
        
        "C:\Windows\system32\wlqxxm.exe"
        19⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4716
        
        C:\Windows\SysWOW64\wuapfp.exe
        
        "C:\Windows\system32\wuapfp.exe"
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4532
        
        C:\Windows\SysWOW64\wxeghcf.exe
        
        "C:\Windows\system32\wxeghcf.exe"
        21⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4456
        
        C:\Windows\SysWOW64\wohmkn.exe
        
        "C:\Windows\system32\wohmkn.exe"
        22⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3784
        
        C:\Windows\SysWOW64\wmuscls.exe
        
        "C:\Windows\system32\wmuscls.exe"
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4144
        
        C:\Windows\SysWOW64\wcxafx.exe
        
        "C:\Windows\system32\wcxafx.exe"
        24⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4736
        
        C:\Windows\SysWOW64\wbrjlrpbu.exe
        
        "C:\Windows\system32\wbrjlrpbu.exe"
        25⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:644
        
        C:\Windows\SysWOW64\wruonenx.exe
        
        "C:\Windows\system32\wruonenx.exe"
        26⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4616
        
        C:\Windows\SysWOW64\whrrdu.exe
        
        "C:\Windows\system32\whrrdu.exe"
        27⤵
        Executes dropped EXE
        
        PID:2460
        
        C:\Windows\SysWOW64\wajmxct.exe
        
        "C:\Windows\system32\wajmxct.exe"
        28⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4140
        
        C:\Windows\SysWOW64\weuqhq.exe
        
        "C:\Windows\system32\weuqhq.exe"
        29⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1588
        
        C:\Windows\SysWOW64\wftex.exe
        
        "C:\Windows\system32\wftex.exe"
        30⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1312
        
        C:\Windows\SysWOW64\wevdibxne.exe
        
        "C:\Windows\system32\wevdibxne.exe"
        31⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3384
        
        C:\Windows\SysWOW64\wipif.exe
        
        "C:\Windows\system32\wipif.exe"
        32⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1592
        
        C:\Windows\SysWOW64\wknwucewh.exe
        
        "C:\Windows\system32\wknwucewh.exe"
        33⤵
        Executes dropped EXE
        
        PID:4480
        
        C:\Windows\SysWOW64\wdnrodh.exe
        
        "C:\Windows\system32\wdnrodh.exe"
        34⤵
        Executes dropped EXE
        
        PID:2072
        
        C:\Windows\SysWOW64\wvvx.exe
        
        "C:\Windows\system32\wvvx.exe"
        35⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2904
        
        C:\Windows\SysWOW64\wvvk.exe
        
        "C:\Windows\system32\wvvk.exe"
        36⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4304
        
        C:\Windows\SysWOW64\woqdu.exe
        
        "C:\Windows\system32\woqdu.exe"
        37⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1056
        
        C:\Windows\SysWOW64\wwfyfsbw.exe
        
        "C:\Windows\system32\wwfyfsbw.exe"
        38⤵
        Executes dropped EXE
        
        PID:3996
        
        C:\Windows\SysWOW64\wsixjnkg.exe
        
        "C:\Windows\system32\wsixjnkg.exe"
        39⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4556
        
        C:\Windows\SysWOW64\wgvsjds.exe
        
        "C:\Windows\system32\wgvsjds.exe"
        40⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4984
        
        C:\Windows\SysWOW64\wcoghx.exe
        
        "C:\Windows\system32\wcoghx.exe"
        41⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3616
        
        C:\Windows\SysWOW64\wiakwcou.exe
        
        "C:\Windows\system32\wiakwcou.exe"
        42⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2684
        
        C:\Windows\SysWOW64\wkyvylyp.exe
        
        "C:\Windows\system32\wkyvylyp.exe"
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2200
        
        C:\Windows\SysWOW64\wewsok.exe
        
        "C:\Windows\system32\wewsok.exe"
        44⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2928
        
        C:\Windows\SysWOW64\wytoh.exe
        
        "C:\Windows\system32\wytoh.exe"
        45⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1316
        
        C:\Windows\SysWOW64\wkstqb.exe
        
        "C:\Windows\system32\wkstqb.exe"
        46⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2512
        
        C:\Windows\SysWOW64\wgsjbty.exe
        
        "C:\Windows\system32\wgsjbty.exe"
        47⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3716
        
        C:\Windows\SysWOW64\wrtlknt.exe
        
        "C:\Windows\system32\wrtlknt.exe"
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1988
        
        C:\Windows\SysWOW64\wksvk.exe
        
        "C:\Windows\system32\wksvk.exe"
        49⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4072
        
        C:\Windows\SysWOW64\wigc.exe
        
        "C:\Windows\system32\wigc.exe"
        50⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3140
        
        C:\Windows\SysWOW64\whkxjref.exe
        
        "C:\Windows\system32\whkxjref.exe"
        51⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3216
        
        C:\Windows\SysWOW64\wypyuwj.exe
        
        "C:\Windows\system32\wypyuwj.exe"
        52⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3508
        
        C:\Windows\SysWOW64\wrxgtyr.exe
        
        "C:\Windows\system32\wrxgtyr.exe"
        53⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3580
        
        C:\Windows\SysWOW64\wtqep.exe
        
        "C:\Windows\system32\wtqep.exe"
        54⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:848
        
        C:\Windows\SysWOW64\wocraf.exe
        
        "C:\Windows\system32\wocraf.exe"
        55⤵
        Executes dropped EXE
        
        PID:1104
        
        C:\Windows\SysWOW64\wism.exe
        
        "C:\Windows\system32\wism.exe"
        56⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:432
        
        C:\Windows\SysWOW64\wbkeik.exe
        
        "C:\Windows\system32\wbkeik.exe"
        57⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3224
        
        C:\Windows\SysWOW64\wtox.exe
        
        "C:\Windows\system32\wtox.exe"
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:488
        
        C:\Windows\SysWOW64\wwim.exe
        
        "C:\Windows\system32\wwim.exe"
        59⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2712
        
        C:\Windows\SysWOW64\wqbgucxrq.exe
        
        "C:\Windows\system32\wqbgucxrq.exe"
        60⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4924
        
        C:\Windows\SysWOW64\wnkuu.exe
        
        "C:\Windows\system32\wnkuu.exe"
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3580
        
        C:\Windows\SysWOW64\wlrbycq.exe
        
        "C:\Windows\system32\wlrbycq.exe"
        62⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1448
        
        C:\Windows\SysWOW64\wrgjsl.exe
        
        "C:\Windows\system32\wrgjsl.exe"
        63⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1444
        
        C:\Windows\SysWOW64\wwj.exe
        
        "C:\Windows\system32\wwj.exe"
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1876
        
        C:\Windows\SysWOW64\wdnbhb.exe
        
        "C:\Windows\system32\wdnbhb.exe"
        65⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2432
        
        C:\Windows\SysWOW64\wuxtplxyf.exe
        
        "C:\Windows\system32\wuxtplxyf.exe"
        66⤵
        Checks computer location settings
        
        PID:4852
        
        C:\Windows\SysWOW64\wlfglbxb.exe
        
        "C:\Windows\system32\wlfglbxb.exe"
        67⤵
        
        PID:3236
        
        C:\Windows\SysWOW64\wxgstt.exe
        
        "C:\Windows\system32\wxgstt.exe"
        68⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2456
        
        C:\Windows\SysWOW64\wgrtu.exe
        
        "C:\Windows\system32\wgrtu.exe"
        69⤵
        Drops file in System32 directory
        
        PID:4716
        
        C:\Windows\SysWOW64\wqajyxl.exe
        
        "C:\Windows\system32\wqajyxl.exe"
        70⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1656
        
        C:\Windows\SysWOW64\wkukfdf.exe
        
        "C:\Windows\system32\wkukfdf.exe"
        71⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4808
        
        C:\Windows\SysWOW64\waiyqr.exe
        
        "C:\Windows\system32\waiyqr.exe"
        72⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3472
        
        C:\Windows\SysWOW64\whcdevt.exe
        
        "C:\Windows\system32\whcdevt.exe"
        73⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1196
        
        C:\Windows\SysWOW64\wdfdxau.exe
        
        "C:\Windows\system32\wdfdxau.exe"
        74⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:5068
        
        C:\Windows\SysWOW64\wxhtyayum.exe
        
        "C:\Windows\system32\wxhtyayum.exe"
        75⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1412
        
        C:\Windows\SysWOW64\wrndm.exe
        
        "C:\Windows\system32\wrndm.exe"
        76⤵
        Checks computer location settings
        
        PID:5024
        
        C:\Windows\SysWOW64\wuahvvwq.exe
        
        "C:\Windows\system32\wuahvvwq.exe"
        77⤵
        Checks computer location settings
        
        PID:3900
        
        C:\Windows\SysWOW64\wcetqyoim.exe
        
        "C:\Windows\system32\wcetqyoim.exe"
        78⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\wwowyb.exe
        
        "C:\Windows\system32\wwowyb.exe"
        79⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\whcrrc.exe
        
        "C:\Windows\system32\whcrrc.exe"
        80⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4488
        
        C:\Windows\SysWOW64\wsrkl.exe
        
        "C:\Windows\system32\wsrkl.exe"
        81⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:5048
        
        C:\Windows\SysWOW64\wltnf.exe
        
        "C:\Windows\system32\wltnf.exe"
        82⤵
        Drops file in System32 directory
        
        PID:3864
        
        C:\Windows\SysWOW64\wtgnfige.exe
        
        "C:\Windows\system32\wtgnfige.exe"
        83⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\winbcyg.exe
        
        "C:\Windows\system32\winbcyg.exe"
        84⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3252
        
        C:\Windows\SysWOW64\woejvgg.exe
        
        "C:\Windows\system32\woejvgg.exe"
        85⤵
        Checks computer location settings
        
        PID:1856
        
        C:\Windows\SysWOW64\wasdpc.exe
        
        "C:\Windows\system32\wasdpc.exe"
        86⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1192
        
        C:\Windows\SysWOW64\wucgvfv.exe
        
        "C:\Windows\system32\wucgvfv.exe"
        87⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:684
        
        C:\Windows\SysWOW64\wlflx.exe
        
        "C:\Windows\system32\wlflx.exe"
        88⤵
        Checks computer location settings
        
        PID:4948
        
        C:\Windows\SysWOW64\wciqc.exe
        
        "C:\Windows\system32\wciqc.exe"
        89⤵
        
        PID:3820
        
        C:\Windows\SysWOW64\wacbhyq.exe
        
        "C:\Windows\system32\wacbhyq.exe"
        90⤵
        Checks computer location settings
        
        PID:2140
        
        C:\Windows\SysWOW64\wvb.exe
        
        "C:\Windows\system32\wvb.exe"
        91⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\wpidui.exe
        
        "C:\Windows\system32\wpidui.exe"
        92⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4360
        
        C:\Windows\SysWOW64\weoqrw.exe
        
        "C:\Windows\system32\weoqrw.exe"
        93⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\wxoysg.exe
        
        "C:\Windows\system32\wxoysg.exe"
        94⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2540
        
        C:\Windows\SysWOW64\wpgtno.exe
        
        "C:\Windows\system32\wpgtno.exe"
        95⤵
        Checks computer location settings
        
        PID:5024
        
        C:\Windows\SysWOW64\wcxsrjq.exe
        
        "C:\Windows\system32\wcxsrjq.exe"
        96⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\wwtghmkc.exe
        
        "C:\Windows\system32\wwtghmkc.exe"
        97⤵
        Drops file in System32 directory
        
        PID:2164
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcxsrjq.exe"
        97⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpgtno.exe"
        96⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxoysg.exe"
        95⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weoqrw.exe"
        94⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpidui.exe"
        93⤵
        
        PID:220
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvb.exe"
        92⤵
        
        PID:3204
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wacbhyq.exe"
        91⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wciqc.exe"
        90⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlflx.exe"
        89⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wucgvfv.exe"
        88⤵
        
        PID:324
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wasdpc.exe"
        87⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woejvgg.exe"
        86⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 1076
        86⤵
        Program crash
        
        PID:4916
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\winbcyg.exe"
        85⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtgnfige.exe"
        84⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wltnf.exe"
        83⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 1256
        83⤵
        Program crash
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 1656
        83⤵
        Program crash
        
        PID:4496
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsrkl.exe"
        82⤵
        
        PID:3784
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whcrrc.exe"
        81⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwowyb.exe"
        80⤵
        
        PID:848
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcetqyoim.exe"
        79⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuahvvwq.exe"
        78⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrndm.exe"
        77⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxhtyayum.exe"
        76⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdfdxau.exe"
        75⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whcdevt.exe"
        74⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waiyqr.exe"
        73⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkukfdf.exe"
        72⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqajyxl.exe"
        71⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgrtu.exe"
        70⤵
        
        PID:924
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxgstt.exe"
        69⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlfglbxb.exe"
        68⤵
        
        PID:856
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuxtplxyf.exe"
        67⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdnbhb.exe"
        66⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 1672
        66⤵
        Program crash
        
        PID:3324
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwj.exe"
        65⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrgjsl.exe"
        64⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlrbycq.exe"
        63⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnkuu.exe"
        62⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqbgucxrq.exe"
        61⤵
        
        PID:856
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwim.exe"
        60⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 1424
        60⤵
        Program crash
        
        PID:4460
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtox.exe"
        59⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbkeik.exe"
        58⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wism.exe"
        57⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wocraf.exe"
        56⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 116
        56⤵
        Program crash
        
        PID:1108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 1544
        56⤵
        Program crash
        
        PID:2264
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtqep.exe"
        55⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrxgtyr.exe"
        54⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wypyuwj.exe"
        53⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whkxjref.exe"
        52⤵
        
        PID:644
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wigc.exe"
        51⤵
        
        PID:368
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wksvk.exe"
        50⤵
        
        PID:1468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 1368
        50⤵
        Program crash
        
        PID:4060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrtlknt.exe"
        49⤵
        
        PID:3552
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgsjbty.exe"
        48⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkstqb.exe"
        47⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wytoh.exe"
        46⤵
        
        PID:928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wewsok.exe"
        45⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkyvylyp.exe"
        44⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiakwcou.exe"
        43⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcoghx.exe"
        42⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgvsjds.exe"
        41⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsixjnkg.exe"
        40⤵
        
        PID:392
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwfyfsbw.exe"
        39⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woqdu.exe"
        38⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvvk.exe"
        37⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvvx.exe"
        36⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdnrodh.exe"
        35⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wknwucewh.exe"
        34⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wipif.exe"
        33⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wevdibxne.exe"
        32⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wftex.exe"
        31⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weuqhq.exe"
        30⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wajmxct.exe"
        29⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whrrdu.exe"
        28⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wruonenx.exe"
        27⤵
        
        PID:924
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbrjlrpbu.exe"
        26⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 116
        26⤵
        Program crash
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 1536
        26⤵
        Program crash
        
        PID:4224
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcxafx.exe"
        25⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmuscls.exe"
        24⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wohmkn.exe"
        23⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxeghcf.exe"
        22⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuapfp.exe"
        21⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlqxxm.exe"
        20⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnmelqn.exe"
        19⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wodenx.exe"
        18⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwswxm.exe"
        17⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whm.exe"
        16⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waerttx.exe"
        15⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgfulo.exe"
        14⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuuxu.exe"
        13⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjmh.exe"
        12⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdbgonec.exe"
        11⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbwje.exe"
        10⤵
        
        PID:680
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wseh.exe"
        9⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtkxmy.exe"
        8⤵
        
        PID:3892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wldeeu.exe"
        7⤵
        
        PID:4732
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wodnfywh.exe"
        6⤵
        
        PID:2804
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpyhayo.exe"
        5⤵
        
        PID:3812
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlwnaq.exe"
      4⤵
      PID:4032
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqouj.exe"
    3⤵
    PID:3324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 1280
    3⤵
    - Program crash
    PID:680
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\15420815029c72b6298dec40fb126ab4_JC.exe"
  2⤵
  PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2036 -ip 2036
1⤵
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 644 -ip 644
1⤵
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 644 -ip 644
1⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 4072 -ip 4072
1⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1104 -ip 1104
1⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1104 -ip 1104
1⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2712 -ip 2712
1⤵
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2432 -ip 2432
1⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3864 -ip 3864
1⤵
PID:488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 3864 -ip 3864
1⤵
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1856 -ip 1856
1⤵
PID:3188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\waerttx.exe

Filesize
341KB

MD5
38db02868e28555443d560eb13f88e6c

SHA1
293d44d23f591287b3dec6de0cd274db8de89bb2

SHA256
480ad25ea4304aee4b13faf16cc11140c36217c5752347034ce06bb1cc2b3212

SHA512
2696ce3ef871cf95b2f91e1afb3a29a4f6042c2f921918b07d40904de72e9a373733fb757d4f187aeca92890e598bf3a89518bae12832a96a88b1ed393dafd5a

Download Submit
C:\Windows\SysWOW64\waerttx.exe

Filesize
341KB

MD5
38db02868e28555443d560eb13f88e6c

SHA1
293d44d23f591287b3dec6de0cd274db8de89bb2

SHA256
480ad25ea4304aee4b13faf16cc11140c36217c5752347034ce06bb1cc2b3212

SHA512
2696ce3ef871cf95b2f91e1afb3a29a4f6042c2f921918b07d40904de72e9a373733fb757d4f187aeca92890e598bf3a89518bae12832a96a88b1ed393dafd5a

Download Submit
C:\Windows\SysWOW64\wajmxct.exe

Filesize
341KB

MD5
e71ecb8db664c409b93d9b7ea075fdee

SHA1
9057b690e6653c8032af2481011a8c9d0bd0ce5e

SHA256
e34d2ac52f5be856dc6f2c36b49ced528d2bca259ac64c6d51b2d8a2fd16d7ee

SHA512
7e93aaa29485f3df6141c7f4e8acbc7002f08cbaa3558898e82527015bb65e58089915bf1be1d8fccc71df4a77a6a0a50bd7d01d5def204f558a523c8caa2fd8

Download Submit
C:\Windows\SysWOW64\wajmxct.exe

Filesize
341KB

MD5
e71ecb8db664c409b93d9b7ea075fdee

SHA1
9057b690e6653c8032af2481011a8c9d0bd0ce5e

SHA256
e34d2ac52f5be856dc6f2c36b49ced528d2bca259ac64c6d51b2d8a2fd16d7ee

SHA512
7e93aaa29485f3df6141c7f4e8acbc7002f08cbaa3558898e82527015bb65e58089915bf1be1d8fccc71df4a77a6a0a50bd7d01d5def204f558a523c8caa2fd8

Download Submit
C:\Windows\SysWOW64\wbrjlrpbu.exe

Filesize
341KB

MD5
bc1828abd2508901018439b0d1534fc2

SHA1
0f0fb47d7b6a44c1211b11db8ff754b8183ea071

SHA256
0c696f5de70acfcbc280c2bf0e75ae0cc7989937148c9020223a91c6cea41af4

SHA512
0ed9ebcd31ad28b90c207e51814cf9e88c3b180ca185a6450b15543ee57fb1f51eece8e5cebc85b99a127d4307897dd23f920dfd1b488a08c161c38b51e52ad7

Download Submit
C:\Windows\SysWOW64\wbrjlrpbu.exe

Filesize
341KB

MD5
bc1828abd2508901018439b0d1534fc2

SHA1
0f0fb47d7b6a44c1211b11db8ff754b8183ea071

SHA256
0c696f5de70acfcbc280c2bf0e75ae0cc7989937148c9020223a91c6cea41af4

SHA512
0ed9ebcd31ad28b90c207e51814cf9e88c3b180ca185a6450b15543ee57fb1f51eece8e5cebc85b99a127d4307897dd23f920dfd1b488a08c161c38b51e52ad7

Download Submit
C:\Windows\SysWOW64\wbwje.exe

Filesize
341KB

MD5
7d1d24586db6127eab189df5923f5d88

SHA1
21cb32744f89cc4b2e46340d12ec24dda8b15bec

SHA256
2ba7543cda71cad82c74b08c12b22fda56877abee4c5a41d3f90fa5d18034870

SHA512
a2e91ca15486f1b8eb3bdafc3ec23b4f8a8f923a1292a5e96303c155ebc4ee0325d28366f1a7dcdaba0fd8b2bf0977647babc3b7d7a3ff30be9a3de0c9699e5c

Download Submit
C:\Windows\SysWOW64\wbwje.exe

Filesize
341KB

MD5
7d1d24586db6127eab189df5923f5d88

SHA1
21cb32744f89cc4b2e46340d12ec24dda8b15bec

SHA256
2ba7543cda71cad82c74b08c12b22fda56877abee4c5a41d3f90fa5d18034870

SHA512
a2e91ca15486f1b8eb3bdafc3ec23b4f8a8f923a1292a5e96303c155ebc4ee0325d28366f1a7dcdaba0fd8b2bf0977647babc3b7d7a3ff30be9a3de0c9699e5c

Download Submit
C:\Windows\SysWOW64\wcxafx.exe

Filesize
341KB

MD5
168fb0316ba2a79481786e5ed05f51f7

SHA1
9f2df7a40bf06026f8ff746a300a464c0be23145

SHA256
e7b4cecba5f99158737f4ff3f9867353b8fb2fbbeb040ee172d5d16cec93f5e4

SHA512
f1fb38c36de4b21c519834eeccb561e487f4499ced1b5f837dd101394987680336ef5ced1e3722d0004d43167d2bf234a07aee901441e994d4667037645dd490

Download Submit
C:\Windows\SysWOW64\wcxafx.exe

Filesize
341KB

MD5
168fb0316ba2a79481786e5ed05f51f7

SHA1
9f2df7a40bf06026f8ff746a300a464c0be23145

SHA256
e7b4cecba5f99158737f4ff3f9867353b8fb2fbbeb040ee172d5d16cec93f5e4

SHA512
f1fb38c36de4b21c519834eeccb561e487f4499ced1b5f837dd101394987680336ef5ced1e3722d0004d43167d2bf234a07aee901441e994d4667037645dd490

Download Submit
C:\Windows\SysWOW64\wdbgonec.exe

Filesize
341KB

MD5
fecda3fa4e0298fad9d413aa50ec99f4

SHA1
e801f01cf1516f709e9d4f4b01b5cfbd18d37847

SHA256
683dee8b99fce7b289cd19ab00f370e23bec0442cc8f6843753aaf32dc4823a9

SHA512
401595a91f37e209f3f19cd0c5adeace646f4680cd0f57ee2fcf8e0966e9e002f84062ee273c196d18f492844a1d64f05b7a3b18b97037389292e51c5424e581

Download Submit
C:\Windows\SysWOW64\wdbgonec.exe

Filesize
341KB

MD5
fecda3fa4e0298fad9d413aa50ec99f4

SHA1
e801f01cf1516f709e9d4f4b01b5cfbd18d37847

SHA256
683dee8b99fce7b289cd19ab00f370e23bec0442cc8f6843753aaf32dc4823a9

SHA512
401595a91f37e209f3f19cd0c5adeace646f4680cd0f57ee2fcf8e0966e9e002f84062ee273c196d18f492844a1d64f05b7a3b18b97037389292e51c5424e581

Download Submit
C:\Windows\SysWOW64\weuqhq.exe

Filesize
341KB

MD5
96e236c88a30ddd6a9272014f6d7c393

SHA1
6bef1ac8eb6a78bb650b785162614cf02d174c2b

SHA256
7a1dfb9ce9bbef17f2ecb7d8fe2c095ff5832f082cd21e8cd2e603131658cb3b

SHA512
648cc2ec196e8e1a4cdeacccc4929fa48f0959aa3b04a823e735aeff74f58ff135626c8e6751e8e56d00d84ecc862703245cd9499cbfbbf748197f5a1317fb75

Download Submit
C:\Windows\SysWOW64\weuqhq.exe

Filesize
341KB

MD5
96e236c88a30ddd6a9272014f6d7c393

SHA1
6bef1ac8eb6a78bb650b785162614cf02d174c2b

SHA256
7a1dfb9ce9bbef17f2ecb7d8fe2c095ff5832f082cd21e8cd2e603131658cb3b

SHA512
648cc2ec196e8e1a4cdeacccc4929fa48f0959aa3b04a823e735aeff74f58ff135626c8e6751e8e56d00d84ecc862703245cd9499cbfbbf748197f5a1317fb75

Download Submit
C:\Windows\SysWOW64\wevdibxne.exe

Filesize
342KB

MD5
cdade48cb1ec2a4dd23130bba69f1d3e

SHA1
99a6952018a4690eb9400be948c801dfd4920767

SHA256
9565b6ed5912cf1fec775eb1d45ce8c9e5e8ff6fac121353857df2358cb1b4e7

SHA512
f75e883cb2cafdd6148f2337359e3fdba69664d8e678109ffbdb8ad44df53d82acbe9f0bb4cb20b665f066ae466c5b818473c5625cc3cd775a3d9eb0e3d0d847

Download Submit
C:\Windows\SysWOW64\wevdibxne.exe

Filesize
342KB

MD5
cdade48cb1ec2a4dd23130bba69f1d3e

SHA1
99a6952018a4690eb9400be948c801dfd4920767

SHA256
9565b6ed5912cf1fec775eb1d45ce8c9e5e8ff6fac121353857df2358cb1b4e7

SHA512
f75e883cb2cafdd6148f2337359e3fdba69664d8e678109ffbdb8ad44df53d82acbe9f0bb4cb20b665f066ae466c5b818473c5625cc3cd775a3d9eb0e3d0d847

Download Submit
C:\Windows\SysWOW64\wftex.exe

Filesize
342KB

MD5
a48a140476a83f85d347c7fd6e80e1ce

SHA1
005aca18df7507e67fe41b5abaf23dc5d545859c

SHA256
6fc0f5395d7c77e1b367ccaa8245ba4b8757609bc3c25504a7837a326bbdb70f

SHA512
c9457fe8936444837d514ea6453a93bf0c140ca2aecdeabf8c14ab9c144842e34a6ffe8fabb98119e80ff873e69f9de17eafe73a3aa60d768bd35f1be16e8b31

Download Submit
C:\Windows\SysWOW64\wftex.exe

Filesize
342KB

MD5
a48a140476a83f85d347c7fd6e80e1ce

SHA1
005aca18df7507e67fe41b5abaf23dc5d545859c

SHA256
6fc0f5395d7c77e1b367ccaa8245ba4b8757609bc3c25504a7837a326bbdb70f

SHA512
c9457fe8936444837d514ea6453a93bf0c140ca2aecdeabf8c14ab9c144842e34a6ffe8fabb98119e80ff873e69f9de17eafe73a3aa60d768bd35f1be16e8b31

Download Submit
C:\Windows\SysWOW64\wgfulo.exe

Filesize
341KB

MD5
aecb08cc810d9f22706b7132c66d9d5f

SHA1
b39431b799ed321deae7508b5f61fb8565bcb4bb

SHA256
79ac133a17a277ef807b3bb8b304a1b302f0624ee3d9278039f15f63a5fa1c12

SHA512
114e611ab91fdc4474402074f43e11d767ed7086cdc097aee24226b81bc94714b0083f6b46df613c5d9c51b4267f7f475424e7ff9fe0e35c6f6ee28b0a9869e3

Download Submit
C:\Windows\SysWOW64\wgfulo.exe

Filesize
341KB

MD5
aecb08cc810d9f22706b7132c66d9d5f

SHA1
b39431b799ed321deae7508b5f61fb8565bcb4bb

SHA256
79ac133a17a277ef807b3bb8b304a1b302f0624ee3d9278039f15f63a5fa1c12

SHA512
114e611ab91fdc4474402074f43e11d767ed7086cdc097aee24226b81bc94714b0083f6b46df613c5d9c51b4267f7f475424e7ff9fe0e35c6f6ee28b0a9869e3

Download Submit
C:\Windows\SysWOW64\whm.exe

Filesize
341KB

MD5
ec6ea04e63aae12ee6cba48d1c5479df

SHA1
486b473e06bc90c2859091d9b3425e74fd0529e4

SHA256
57968059a4e7bf61f083c79eca7ca1601747508b89de2f624e559659a848b9ed

SHA512
1573f123c58112e7ff1ce2038b32d8ee60e763d432aac256abb0df3fadebcbe49a56a50e8307d39144a04224f88cc55ae9fa305d41329f5a9393b1abc5a86d74

Download Submit
C:\Windows\SysWOW64\whm.exe

Filesize
341KB

MD5
ec6ea04e63aae12ee6cba48d1c5479df

SHA1
486b473e06bc90c2859091d9b3425e74fd0529e4

SHA256
57968059a4e7bf61f083c79eca7ca1601747508b89de2f624e559659a848b9ed

SHA512
1573f123c58112e7ff1ce2038b32d8ee60e763d432aac256abb0df3fadebcbe49a56a50e8307d39144a04224f88cc55ae9fa305d41329f5a9393b1abc5a86d74

Download Submit
C:\Windows\SysWOW64\whrrdu.exe

Filesize
341KB

MD5
5feebb2e6b2d7bbb43879336a9d50de3

SHA1
1fd9373687d0ebf7a06d167ba92c6f8088158151

SHA256
d76f25c4783ab7d85f520032a93bff894a6e1252c1e62e243db380e790b7dce9

SHA512
a71544fb25c756919733bdc83d8db70817a465a82dd8b08a93e234bf2078939f0cb77e709913087f529a01d1a9846e1d4a6d1bd78d77f136ba42e5b31cb62756

Download Submit
C:\Windows\SysWOW64\whrrdu.exe

Filesize
341KB

MD5
5feebb2e6b2d7bbb43879336a9d50de3

SHA1
1fd9373687d0ebf7a06d167ba92c6f8088158151

SHA256
d76f25c4783ab7d85f520032a93bff894a6e1252c1e62e243db380e790b7dce9

SHA512
a71544fb25c756919733bdc83d8db70817a465a82dd8b08a93e234bf2078939f0cb77e709913087f529a01d1a9846e1d4a6d1bd78d77f136ba42e5b31cb62756

Download Submit
C:\Windows\SysWOW64\wipif.exe

Filesize
342KB

MD5
979a191bdc6b05826ae452a5f014be24

SHA1
19664381fe41f64081eb2f366674db4a3404e610

SHA256
69ba19b82ef2e9fe3425910199a1875d81949c82643f76ade3dc1bc1098f93ff

SHA512
4a27c44ebc98b0e1d4e37b0c67cdb68289c111d0c4b55609f7565b9fddd2c7d1e7b2a86d4b7e3127b26a485ad53f94ab8c72faac57083ed02639aab04b2d7436

Download Submit
C:\Windows\SysWOW64\wipif.exe

Filesize
342KB

MD5
979a191bdc6b05826ae452a5f014be24

SHA1
19664381fe41f64081eb2f366674db4a3404e610

SHA256
69ba19b82ef2e9fe3425910199a1875d81949c82643f76ade3dc1bc1098f93ff

SHA512
4a27c44ebc98b0e1d4e37b0c67cdb68289c111d0c4b55609f7565b9fddd2c7d1e7b2a86d4b7e3127b26a485ad53f94ab8c72faac57083ed02639aab04b2d7436

Download Submit
C:\Windows\SysWOW64\wjmh.exe

Filesize
341KB

MD5
e436ec805286c4d3617c94c99693c979

SHA1
24b02dbf1f9eb72928acd3f8ae2b8f63a905c71e

SHA256
82d9a55e830b13f415d9493846a9c43831c3d48f4b544f969af20cc8406e3804

SHA512
4b376805304a08013b25dd8b25a488c1c25bcfaf13d5136ead5c01ae52cad5c50ae5fba63c74414f718e9eb8fbede5a9b574384aa51fae814b5126e193eb2af1

Download Submit
C:\Windows\SysWOW64\wjmh.exe

Filesize
341KB

MD5
e436ec805286c4d3617c94c99693c979

SHA1
24b02dbf1f9eb72928acd3f8ae2b8f63a905c71e

SHA256
82d9a55e830b13f415d9493846a9c43831c3d48f4b544f969af20cc8406e3804

SHA512
4b376805304a08013b25dd8b25a488c1c25bcfaf13d5136ead5c01ae52cad5c50ae5fba63c74414f718e9eb8fbede5a9b574384aa51fae814b5126e193eb2af1

Download Submit
C:\Windows\SysWOW64\wknwucewh.exe

Filesize
342KB

MD5
b76deb6b7b0325e60f2b1aa8b10b7ec2

SHA1
8b6ad9f6cca30f02ab395a6c0c552e04675ea90d

SHA256
63be643744661d799b2cf7e8e4b4e148e3bb6ec0e34ad3bce132360e2a487cb1

SHA512
0ee25f61d2019b62609dbf2605a7cc0ff32fc8dca66632c8cbbc082086a06f5d7152db0706ddbaeb107ec65f276f616a12283a16d2f200a5008abe1a36761036

Download Submit
C:\Windows\SysWOW64\wknwucewh.exe

Filesize
342KB

MD5
b76deb6b7b0325e60f2b1aa8b10b7ec2

SHA1
8b6ad9f6cca30f02ab395a6c0c552e04675ea90d

SHA256
63be643744661d799b2cf7e8e4b4e148e3bb6ec0e34ad3bce132360e2a487cb1

SHA512
0ee25f61d2019b62609dbf2605a7cc0ff32fc8dca66632c8cbbc082086a06f5d7152db0706ddbaeb107ec65f276f616a12283a16d2f200a5008abe1a36761036

Download Submit
C:\Windows\SysWOW64\wldeeu.exe

Filesize
341KB

MD5
a395b1bae0bc6251da45c0494d98ce73

SHA1
716d8279fae7c5334eeb4ed21f988295e299b4de

SHA256
002d48779ab5d2764cb60a70d0ecc23345425bdb2dfdf58e12e3989204fc9091

SHA512
ac2e339cbb4180d6f8697d283ac9a2af272e6c66f505b9500bef15cc7feb5ebf17070c63fd57ff23e4ee287a963c55fc800cc28b6764784769a186371ff51c11

Download Submit
C:\Windows\SysWOW64\wldeeu.exe

Filesize
341KB

MD5
a395b1bae0bc6251da45c0494d98ce73

SHA1
716d8279fae7c5334eeb4ed21f988295e299b4de

SHA256
002d48779ab5d2764cb60a70d0ecc23345425bdb2dfdf58e12e3989204fc9091

SHA512
ac2e339cbb4180d6f8697d283ac9a2af272e6c66f505b9500bef15cc7feb5ebf17070c63fd57ff23e4ee287a963c55fc800cc28b6764784769a186371ff51c11

Download Submit
C:\Windows\SysWOW64\wlqxxm.exe

Filesize
341KB

MD5
918c81b984cdef9cef121dc2d0af85f8

SHA1
080e7b930e122d8e0847bdc80a71f6e632c37f02

SHA256
35ca83fe050b80613243d3a18793bbe6a94f0bd08dff334fa457abc148607d11

SHA512
ce32e083191047db16bde9bf616740162b85c55ed0a68803e49161f40ba7b8f4ba8676825fd6ca319553811412cd68fa5b39c13bed14a05bf8af3cd906b0e962

Download Submit
C:\Windows\SysWOW64\wlqxxm.exe

Filesize
341KB

MD5
918c81b984cdef9cef121dc2d0af85f8

SHA1
080e7b930e122d8e0847bdc80a71f6e632c37f02

SHA256
35ca83fe050b80613243d3a18793bbe6a94f0bd08dff334fa457abc148607d11

SHA512
ce32e083191047db16bde9bf616740162b85c55ed0a68803e49161f40ba7b8f4ba8676825fd6ca319553811412cd68fa5b39c13bed14a05bf8af3cd906b0e962

Download Submit
C:\Windows\SysWOW64\wlwnaq.exe

Filesize
341KB

MD5
5246052ce6da0a384698d075b1e52d3b

SHA1
5309185108a559f47b549438d42fb25998aecf3b

SHA256
ba9c9b7444fc8efbbe6eff6502a432da88160c21339a2548c9a2986ff298515b

SHA512
383a351b0213ae4a287083439a7da0d40cb0e09d293eb5710da1f81b71da0a62a52c294e256789750d1a2041eee41b650688cdd6bc8923ff2257b20799b0732d

Download Submit
C:\Windows\SysWOW64\wlwnaq.exe

Filesize
341KB

MD5
5246052ce6da0a384698d075b1e52d3b

SHA1
5309185108a559f47b549438d42fb25998aecf3b

SHA256
ba9c9b7444fc8efbbe6eff6502a432da88160c21339a2548c9a2986ff298515b

SHA512
383a351b0213ae4a287083439a7da0d40cb0e09d293eb5710da1f81b71da0a62a52c294e256789750d1a2041eee41b650688cdd6bc8923ff2257b20799b0732d

Download Submit
C:\Windows\SysWOW64\wmuscls.exe

Filesize
341KB

MD5
44d4d9226d3733a6fa41b77b0b9dc62a

SHA1
74a48ec53202598059b3cfe49a708e659951329a

SHA256
3dbb60b5a0897713a5380edd8744e5d65f3033d90dff5b2bdfb380d3ec2a8355

SHA512
6b9cd2e261e80b2a610661454cace63d59c2898c246965733560cafe34c5bb423794c0c754afd0b923fd7b7f2bc9cb19f99d3275d39f15dd92129ec47a59d705

Download Submit
C:\Windows\SysWOW64\wmuscls.exe

Filesize
341KB

MD5
44d4d9226d3733a6fa41b77b0b9dc62a

SHA1
74a48ec53202598059b3cfe49a708e659951329a

SHA256
3dbb60b5a0897713a5380edd8744e5d65f3033d90dff5b2bdfb380d3ec2a8355

SHA512
6b9cd2e261e80b2a610661454cace63d59c2898c246965733560cafe34c5bb423794c0c754afd0b923fd7b7f2bc9cb19f99d3275d39f15dd92129ec47a59d705

Download Submit
C:\Windows\SysWOW64\wnmelqn.exe

Filesize
341KB

MD5
dc5d9c758959731b124f33e91aec9053

SHA1
1e4a111c2e770e6f16ef0f342f2c1ba9e3aa621e

SHA256
67e0c97c0a57a124fc060b538984a2c386130545b9265354d34cf3b500462e53

SHA512
70d0f97d01f377cce4942b4eb3425d35c995c7fd66620eb48e1da91f887ba5ab4ea3980bb18435fde51b1bf90914feada3e2f583ee770a3718371951713a27de

Download Submit
C:\Windows\SysWOW64\wnmelqn.exe

Filesize
341KB

MD5
dc5d9c758959731b124f33e91aec9053

SHA1
1e4a111c2e770e6f16ef0f342f2c1ba9e3aa621e

SHA256
67e0c97c0a57a124fc060b538984a2c386130545b9265354d34cf3b500462e53

SHA512
70d0f97d01f377cce4942b4eb3425d35c995c7fd66620eb48e1da91f887ba5ab4ea3980bb18435fde51b1bf90914feada3e2f583ee770a3718371951713a27de

Download Submit
C:\Windows\SysWOW64\wodenx.exe

Filesize
341KB

MD5
cdfd0c9270b2ff25dbbef8a6dc0c3309

SHA1
d34eb8e89e63b554c51252c40c5ac82b9299251c

SHA256
e42f228396d6911ac8da48137bfeb16dbbfcb4f98bdaa272c3ea0ee471b7eef1

SHA512
89b8dd1d617d1b5e3027952f6d707b68c654c6624174c1c35100ac061c57aeb3522736c8f5efb667ab302556c38aba90dcbf8207b3f5e7aabffa147fb9672f13

Download Submit
C:\Windows\SysWOW64\wodenx.exe

Filesize
341KB

MD5
cdfd0c9270b2ff25dbbef8a6dc0c3309

SHA1
d34eb8e89e63b554c51252c40c5ac82b9299251c

SHA256
e42f228396d6911ac8da48137bfeb16dbbfcb4f98bdaa272c3ea0ee471b7eef1

SHA512
89b8dd1d617d1b5e3027952f6d707b68c654c6624174c1c35100ac061c57aeb3522736c8f5efb667ab302556c38aba90dcbf8207b3f5e7aabffa147fb9672f13

Download Submit
C:\Windows\SysWOW64\wodnfywh.exe

Filesize
341KB

MD5
2c29dc93f3f33f1de1640e5acfd09dc2

SHA1
d3efbc199c9ee372b98757906d38becbcf839749

SHA256
d4894b5a65156c1e9c9c44fb5df4297bbbf26c059731065ac832500001fe9f29

SHA512
56851cf6e27b472bf1397c4d77090d53b5f79a39a730050cae7b253f115fcf39348aaeea3cc80c51c02e4e6c40ce42dfc83294d970243d2c8795aee9f4c30246

Download Submit
C:\Windows\SysWOW64\wodnfywh.exe

Filesize
341KB

MD5
2c29dc93f3f33f1de1640e5acfd09dc2

SHA1
d3efbc199c9ee372b98757906d38becbcf839749

SHA256
d4894b5a65156c1e9c9c44fb5df4297bbbf26c059731065ac832500001fe9f29

SHA512
56851cf6e27b472bf1397c4d77090d53b5f79a39a730050cae7b253f115fcf39348aaeea3cc80c51c02e4e6c40ce42dfc83294d970243d2c8795aee9f4c30246

Download Submit
C:\Windows\SysWOW64\wohmkn.exe

Filesize
341KB

MD5
dc4b47c3b8fd5550cd2ea95561a60a04

SHA1
1af82603b1bd5e1cd80218394a6cb6bfc5960e57

SHA256
9e267edb1c6869fc254e61853bc82b044c33354acaab9590d1cdade3370b9b5c

SHA512
b2d295961b838649bb05139ad8aaa98051fe93aacaa39befeff3589f1c3cd8e96202f02548ab89734631cfde2cc5c851571d5f0c1b0498f5bb7c8703d22796d8

Download Submit
C:\Windows\SysWOW64\wohmkn.exe

Filesize
341KB

MD5
dc4b47c3b8fd5550cd2ea95561a60a04

SHA1
1af82603b1bd5e1cd80218394a6cb6bfc5960e57

SHA256
9e267edb1c6869fc254e61853bc82b044c33354acaab9590d1cdade3370b9b5c

SHA512
b2d295961b838649bb05139ad8aaa98051fe93aacaa39befeff3589f1c3cd8e96202f02548ab89734631cfde2cc5c851571d5f0c1b0498f5bb7c8703d22796d8

Download Submit
C:\Windows\SysWOW64\wpyhayo.exe

Filesize
341KB

MD5
8d164da6beb3564b43f91f6254f84774

SHA1
601718a8fd6a2762424dc5d35361aebad2e9dd0c

SHA256
e55c8ef3d3eaa794590091d0f67409544c1f6a20db71509e78fe5b62e1e588d0

SHA512
cb36444a480a543779ed83ca4fb0f3b28903a9988d73b3a4147d64187021111cfb4c532b6abc6cd93ffe7ac684ff1e1d153f53f3e9078f1e21242aa973cd64f1

Download Submit
C:\Windows\SysWOW64\wpyhayo.exe

Filesize
341KB

MD5
8d164da6beb3564b43f91f6254f84774

SHA1
601718a8fd6a2762424dc5d35361aebad2e9dd0c

SHA256
e55c8ef3d3eaa794590091d0f67409544c1f6a20db71509e78fe5b62e1e588d0

SHA512
cb36444a480a543779ed83ca4fb0f3b28903a9988d73b3a4147d64187021111cfb4c532b6abc6cd93ffe7ac684ff1e1d153f53f3e9078f1e21242aa973cd64f1

Download Submit
C:\Windows\SysWOW64\wqouj.exe

Filesize
341KB

MD5
01154b8aecb0e9dff286f9995bd92d03

SHA1
f66c3ee5ec925b78bfc7d23d6558e09b746d8e6a

SHA256
2e2f345a8155c8a252bad66a915dc0a41d0ab7e9298a7531787b5b62a69239d2

SHA512
27b4949586417d6e04e4e793d4f2b07b7daf79091b5afcdb52940c21b31dd1abceb9cb774590d3e7ad49a36ef9cd360a0c8b15d0486a640ceeeabeac38557361

Download Submit
C:\Windows\SysWOW64\wqouj.exe

Filesize
341KB

MD5
01154b8aecb0e9dff286f9995bd92d03

SHA1
f66c3ee5ec925b78bfc7d23d6558e09b746d8e6a

SHA256
2e2f345a8155c8a252bad66a915dc0a41d0ab7e9298a7531787b5b62a69239d2

SHA512
27b4949586417d6e04e4e793d4f2b07b7daf79091b5afcdb52940c21b31dd1abceb9cb774590d3e7ad49a36ef9cd360a0c8b15d0486a640ceeeabeac38557361

Download Submit
C:\Windows\SysWOW64\wqouj.exe

Filesize
341KB

MD5
01154b8aecb0e9dff286f9995bd92d03

SHA1
f66c3ee5ec925b78bfc7d23d6558e09b746d8e6a

SHA256
2e2f345a8155c8a252bad66a915dc0a41d0ab7e9298a7531787b5b62a69239d2

SHA512
27b4949586417d6e04e4e793d4f2b07b7daf79091b5afcdb52940c21b31dd1abceb9cb774590d3e7ad49a36ef9cd360a0c8b15d0486a640ceeeabeac38557361

Download Submit
C:\Windows\SysWOW64\wruonenx.exe

Filesize
341KB

MD5
567642d7cbe51130964ddd5564adc4a4

SHA1
16731da9aa8cd4aefd28a3048ddcff82daf9671e

SHA256
74ca895c4026218e52833e611bbbeef33d3972f272a4eb1941ff52fdf643961d

SHA512
c7490b80dd68789136adb596ebd598aa2ebb7ede4eb825f60895caee015f7a3b35d2f46e18ea8205bcf382cd91dca5fb6ac70040ca62c0f7d7beed9b7efc1c07

Download Submit
C:\Windows\SysWOW64\wruonenx.exe

Filesize
341KB

MD5
567642d7cbe51130964ddd5564adc4a4

SHA1
16731da9aa8cd4aefd28a3048ddcff82daf9671e

SHA256
74ca895c4026218e52833e611bbbeef33d3972f272a4eb1941ff52fdf643961d

SHA512
c7490b80dd68789136adb596ebd598aa2ebb7ede4eb825f60895caee015f7a3b35d2f46e18ea8205bcf382cd91dca5fb6ac70040ca62c0f7d7beed9b7efc1c07

Download Submit
C:\Windows\SysWOW64\wseh.exe

Filesize
341KB

MD5
b54e0d73b2679a44dfdcb231af4a3bd8

SHA1
f196cc3846cd091c7f94a062873c38f5050c304d

SHA256
d073bf01aaeebae3b2642cf3e3c1b986c84d3346287cc489ceae410efc998bac

SHA512
1037c95b79c4d8090b777d0fd63508b80ea103428c08dc39728cf95020bcdd02b30b1464c69127563a8c8591f507db595acbf8d17453f3d408e4140f417fb1e7

Download Submit
C:\Windows\SysWOW64\wseh.exe

Filesize
341KB

MD5
b54e0d73b2679a44dfdcb231af4a3bd8

SHA1
f196cc3846cd091c7f94a062873c38f5050c304d

SHA256
d073bf01aaeebae3b2642cf3e3c1b986c84d3346287cc489ceae410efc998bac

SHA512
1037c95b79c4d8090b777d0fd63508b80ea103428c08dc39728cf95020bcdd02b30b1464c69127563a8c8591f507db595acbf8d17453f3d408e4140f417fb1e7

Download Submit
C:\Windows\SysWOW64\wtkxmy.exe

Filesize
341KB

MD5
00a7ad2f2a6c3f6f4edf7e17c847aed3

SHA1
b796b14e689f7d66aa48889d206a8e1e08896638

SHA256
3784ca3628842c8d1d10df1945f6a9e45ad41ca4317a0e31b5c9b86b558003ed

SHA512
d5b38cf4e8bf42e5e993c2631d6998c58c3aac03cd49a6b9e43a5d84be9dc616e70548add42a0433f72d6402c322af508622ea1d0df1be2e646a12b8511e658d

Download Submit
C:\Windows\SysWOW64\wtkxmy.exe

Filesize
341KB

MD5
00a7ad2f2a6c3f6f4edf7e17c847aed3

SHA1
b796b14e689f7d66aa48889d206a8e1e08896638

SHA256
3784ca3628842c8d1d10df1945f6a9e45ad41ca4317a0e31b5c9b86b558003ed

SHA512
d5b38cf4e8bf42e5e993c2631d6998c58c3aac03cd49a6b9e43a5d84be9dc616e70548add42a0433f72d6402c322af508622ea1d0df1be2e646a12b8511e658d

Download Submit
C:\Windows\SysWOW64\wuapfp.exe

Filesize
341KB

MD5
9d99c5ccfb9cbf56796ba1b2e88e01fd

SHA1
7fa7d1c56f5096a64bc2d7c34df2768ae282ca39

SHA256
d176d767627eaff96b7e08be984b4b0a494182703ae90301c394da1395552e98

SHA512
99ce658e08807c5aa0e5d01cb792342d117e4aa28a136870b3a94a1749c33b3443d90d4e0be1045b00ab5fbd9d5023c1beded8f7f5abc7df5a0c131436b7965d

Download Submit
C:\Windows\SysWOW64\wuapfp.exe

Filesize
341KB

MD5
9d99c5ccfb9cbf56796ba1b2e88e01fd

SHA1
7fa7d1c56f5096a64bc2d7c34df2768ae282ca39

SHA256
d176d767627eaff96b7e08be984b4b0a494182703ae90301c394da1395552e98

SHA512
99ce658e08807c5aa0e5d01cb792342d117e4aa28a136870b3a94a1749c33b3443d90d4e0be1045b00ab5fbd9d5023c1beded8f7f5abc7df5a0c131436b7965d

Download Submit
C:\Windows\SysWOW64\wuuxu.exe

Filesize
341KB

MD5
2a0a58712bf8b6c3b1bab88efbccfd6b

SHA1
34fa7779374b28213417e4892c84c604a6a58157

SHA256
464ce829e2723fb26fc405864a38accf0b2ce90c4479c7050437c6376c5b9b6e

SHA512
c112c6703cb0d2f2bbd89b8a5bacc640ee57e9acf7aae38fddbc627adf5530bcbcc71c9fdfde5cae8bfeb311187db834f4f83a787cb70f881183ce2e8111ebf9

Download Submit
C:\Windows\SysWOW64\wuuxu.exe

Filesize
341KB

MD5
2a0a58712bf8b6c3b1bab88efbccfd6b

SHA1
34fa7779374b28213417e4892c84c604a6a58157

SHA256
464ce829e2723fb26fc405864a38accf0b2ce90c4479c7050437c6376c5b9b6e

SHA512
c112c6703cb0d2f2bbd89b8a5bacc640ee57e9acf7aae38fddbc627adf5530bcbcc71c9fdfde5cae8bfeb311187db834f4f83a787cb70f881183ce2e8111ebf9

Download Submit
C:\Windows\SysWOW64\wwswxm.exe

Filesize
341KB

MD5
7710a8560f894d1812ff68f666c3e190

SHA1
48c2813e04e972d04c7e099435cf84b7bada845b

SHA256
76eb1e3d10f78075e4ceae40ee0656b5a2f4f661e061192de1aa488c61bad0b5

SHA512
dc3b2e3056d46ce6542bcfd2fd12b59ee5f8b6b88c071399bf2c4a872af0fcf74e1525e9a737e3ff41583c0a2605b8f2b7d80a67370701dd671e7b38591faea4

Download Submit
C:\Windows\SysWOW64\wwswxm.exe

Filesize
341KB

MD5
7710a8560f894d1812ff68f666c3e190

SHA1
48c2813e04e972d04c7e099435cf84b7bada845b

SHA256
76eb1e3d10f78075e4ceae40ee0656b5a2f4f661e061192de1aa488c61bad0b5

SHA512
dc3b2e3056d46ce6542bcfd2fd12b59ee5f8b6b88c071399bf2c4a872af0fcf74e1525e9a737e3ff41583c0a2605b8f2b7d80a67370701dd671e7b38591faea4

Download Submit
C:\Windows\SysWOW64\wxeghcf.exe

Filesize
341KB

MD5
3c5dec8fe897b67c3e2008cb866604b5

SHA1
40955c4b0570f206167ed6f092522e8b0b90f59c

SHA256
7008ebfc2f1ea5a597ea8df9fc05fdf9b2632df40fd9945da931ee34dd3a7b01

SHA512
e9aa09eb591d98c7007325a8733048754be48adda965e23a54078f918f8dac5dfad13f664b75c40f53a67a8e79b40ef959cef62d0d5236bd8730331efad7e87a

Download Submit
C:\Windows\SysWOW64\wxeghcf.exe

Filesize
341KB

MD5
3c5dec8fe897b67c3e2008cb866604b5

SHA1
40955c4b0570f206167ed6f092522e8b0b90f59c

SHA256
7008ebfc2f1ea5a597ea8df9fc05fdf9b2632df40fd9945da931ee34dd3a7b01

SHA512
e9aa09eb591d98c7007325a8733048754be48adda965e23a54078f918f8dac5dfad13f664b75c40f53a67a8e79b40ef959cef62d0d5236bd8730331efad7e87a

Download Submit
memory/432-526-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/464-91-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/488-542-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/644-265-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/848-506-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1056-366-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1104-518-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1312-306-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1316-430-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1384-101-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1548-41-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1588-285-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1588-296-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1592-326-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1620-10-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1620-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1852-162-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1864-132-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1988-454-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2036-31-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2072-342-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2120-152-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2200-172-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2200-414-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2236-71-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2460-275-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2512-438-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2684-406-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2712-550-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2724-29-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2904-350-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2928-422-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3140-474-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3216-482-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3224-534-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3384-316-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3508-121-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3508-490-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3580-566-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3580-498-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3596-182-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3616-398-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3716-446-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3784-222-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3804-61-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3996-374-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4072-466-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4140-286-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4144-232-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4304-358-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4372-51-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4416-81-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4420-111-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4456-212-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4460-131-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4460-142-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4480-334-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4532-202-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4556-382-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4616-261-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4716-192-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4736-242-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4924-558-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4984-390-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download