10375658ff23e02d9272983ff323a52cc89a82c23b36c93a271b5dbcf32a941f

Analysis

max time kernel
134s
max time network
155s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
21-10-2023 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.29d44e10f90fa2e903709acc488ba3b0.exe
Size

350KB
MD5

29d44e10f90fa2e903709acc488ba3b0
SHA1

52a2dc32866cbfce81dddb7a5a6c608077301691
SHA256

10375658ff23e02d9272983ff323a52cc89a82c23b36c93a271b5dbcf32a941f
SHA512

2d6d9f05b126540e0877687bdab0cd3694f29b0eee521c33b61877303f4444c6f990284cae347098699c2372d966eecb608268fd97de53d49ffadb0a22cbe2c6
SSDEEP

3072:+YUb5QoJ4g+CLi8HSpmWAVW9UNpZj6Iz1ZdW4SrO7FSVpEv4wD66ib7:+YwLTNV97h6SZI4z7FSVp84+23

Score

10^/10

dropper persistence trojan

Malware Config

Signatures

Malware Backdoor - Berbew 64 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
behavioral1/memory/1732-0-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/files/0x000d00000001200b-5.dat	family_berbew
behavioral1/files/0x000d00000001200b-7.dat	family_berbew
behavioral1/files/0x000d00000001200b-8.dat	family_berbew
behavioral1/files/0x000d00000001200b-13.dat	family_berbew
behavioral1/files/0x000d00000001200b-16.dat	family_berbew
behavioral1/files/0x000d00000001200b-19.dat	family_berbew
behavioral1/files/0x000d00000001200b-20.dat	family_berbew
behavioral1/memory/1732-21-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/files/0x0014000000015604-26.dat	family_berbew
behavioral1/files/0x0014000000015604-28.dat	family_berbew
behavioral1/files/0x0014000000015604-37.dat	family_berbew
behavioral1/files/0x0014000000015604-34.dat	family_berbew
behavioral1/files/0x0014000000015604-40.dat	family_berbew
behavioral1/memory/2104-43-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/files/0x0014000000015604-44.dat	family_berbew
behavioral1/memory/2756-42-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/files/0x000900000001561b-48.dat	family_berbew
behavioral1/memory/2756-62-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/memory/972-64-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/files/0x000900000001561b-63.dat	family_berbew
behavioral1/files/0x000900000001561b-61.dat	family_berbew
behavioral1/files/0x000900000001561b-58.dat	family_berbew
behavioral1/files/0x000900000001561b-55.dat	family_berbew
behavioral1/files/0x000900000001561b-50.dat	family_berbew
behavioral1/files/0x000e00000001200b-78.dat	family_berbew
behavioral1/files/0x000e00000001200b-75.dat	family_berbew
behavioral1/files/0x000e00000001200b-70.dat	family_berbew
behavioral1/files/0x000e00000001200b-68.dat	family_berbew
behavioral1/files/0x000e00000001200b-81.dat	family_berbew
behavioral1/memory/972-84-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/files/0x000e00000001200b-83.dat	family_berbew
behavioral1/memory/2876-82-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/files/0x0015000000015604-88.dat	family_berbew
behavioral1/files/0x0015000000015604-99.dat	family_berbew
behavioral1/files/0x0015000000015604-96.dat	family_berbew
behavioral1/files/0x0015000000015604-91.dat	family_berbew
behavioral1/files/0x0015000000015604-101.dat	family_berbew
behavioral1/memory/1108-104-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/memory/2876-103-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/files/0x0015000000015604-105.dat	family_berbew
behavioral1/files/0x000a00000001561b-111.dat	family_berbew
behavioral1/files/0x000a00000001561b-109.dat	family_berbew
behavioral1/files/0x000a00000001561b-120.dat	family_berbew
behavioral1/files/0x000a00000001561b-117.dat	family_berbew
behavioral1/files/0x000a00000001561b-122.dat	family_berbew
behavioral1/memory/1108-123-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/files/0x000a00000001561b-124.dat	family_berbew
behavioral1/files/0x000f00000001200b-130.dat	family_berbew
behavioral1/files/0x000f00000001200b-128.dat	family_berbew
behavioral1/memory/524-140-0x00000000032A0000-0x00000000032C4000-memory.dmp	family_berbew
behavioral1/files/0x000f00000001200b-138.dat	family_berbew
behavioral1/files/0x000f00000001200b-135.dat	family_berbew
behavioral1/files/0x000f00000001200b-143.dat	family_berbew
behavioral1/memory/2380-145-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/memory/524-144-0x0000000000400000-0x0000000000424000-memory.dmp	family_berbew
behavioral1/files/0x000f00000001200b-146.dat	family_berbew
behavioral1/files/0x0016000000015604-162.dat	family_berbew
behavioral1/files/0x0016000000015604-159.dat	family_berbew
behavioral1/files/0x0016000000015604-153.dat	family_berbew
behavioral1/files/0x0016000000015604-164.dat	family_berbew
behavioral1/files/0x0016000000015604-150.dat	family_berbew
behavioral1/memory/2380-167-0x0000000003C80000-0x0000000003CA4000-memory.dmp	family_berbew
behavioral1/files/0x0016000000015604-166.dat	family_berbew

Blocklisted process makes network request 18 IoCs

flow	pid	Process
312	1048	cmd.exe
313	1048	cmd.exe
314	1048	cmd.exe
316	956	cmd.exe
317	956	cmd.exe
318	956	cmd.exe
320	1484	cmd.exe
321	1484	cmd.exe
322	1484	cmd.exe
380	1588	cmd.exe
381	1588	cmd.exe
382	1588	cmd.exe
384	1304	cmd.exe
385	1304	cmd.exe
386	1304	cmd.exe
400	2140	cmd.exe
401	2140	cmd.exe
402	2140	cmd.exe

Deletes itself 1 IoCs

pid	Process
2772	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
2104	wnxykdc.exe
2756	wgmbaj.exe
972	wxid.exe
2876	wgiumy.exe
1108	wgnaq.exe
524	wtdsh.exe
2380	wtuipi.exe
912	wuhohb.exe
2208	wkskvp.exe
2768	wlm.exe
2944	wpde.exe
2628	wldly.exe
2888	wxdxo.exe
1216	wscfoa.exe
1044	winbcoo.exe
568	wimdsm.exe
2648	wxwyhbu.exe
2484	wlncqwbcl.exe
2268	wtotpcmm.exe
2636	wcleve.exe
2552	wdxllw.exe
932	wqonv.exe
844	wdantqvcx.exe
1200	wgfom.exe
2972	wpvvfgl.exe
1760	wffrtups.exe
2164	wjwdvinx.exe
1352	wjci.exe
320	wbdr.exe
2816	wrnnufvsc.exe
2820	winxbt.exe
2836	wdnebyn.exe
2868	wytnmdtwv.exe
2792	wckynp.exe
2912	wbulkndlr.exe
2412	wgkxla.exe
940	wmf.exe
848	wpcpu.exe
2252	wllhbxv.exe
1520	wxmvrv.exe
2664	wvwiot.exe
2068	wnxsvg.exe
1280	wjvyumo.exe
2904	wjvelk.exe
1980	wqk.exe
2124	whl.exe
2352	wjv.exe
2440	wolqa.exe
1616	wnuewcl.exe
1364	wavsmxc.exe
2772	wlwgcus.exe
2740	wtflhcl.exe
2408	wcosnigt.exe
2892	wvajso.exe
2500	wvivp.exe
2912	wysfd.exe
1808	wewgyndiu.exe
2140	wqnl.exe
1372	wdmy.exe
2736	wcxmud.exe
2560	wwfvi.exe
2596	wctuqqq.exe
2636	wdaask.exe
1280	wxlryriu.exe

Loads dropped DLL 64 IoCs

pid	Process
1732	NEAS.29d44e10f90fa2e903709acc488ba3b0.exe
1732	NEAS.29d44e10f90fa2e903709acc488ba3b0.exe
1732	NEAS.29d44e10f90fa2e903709acc488ba3b0.exe
1732	NEAS.29d44e10f90fa2e903709acc488ba3b0.exe
2104	wnxykdc.exe
2104	wnxykdc.exe
2104	wnxykdc.exe
2104	wnxykdc.exe
2756	wgmbaj.exe
2756	wgmbaj.exe
2756	wgmbaj.exe
2756	wgmbaj.exe
972	wxid.exe
972	wxid.exe
972	wxid.exe
972	wxid.exe
2876	wgiumy.exe
2876	wgiumy.exe
2876	wgiumy.exe
2876	wgiumy.exe
1108	wgnaq.exe
1108	wgnaq.exe
1108	wgnaq.exe
1108	wgnaq.exe
524	wtdsh.exe
524	wtdsh.exe
524	wtdsh.exe
524	wtdsh.exe
2380	wtuipi.exe
2380	wtuipi.exe
2380	wtuipi.exe
2380	wtuipi.exe
912	wuhohb.exe
912	wuhohb.exe
912	wuhohb.exe
912	wuhohb.exe
2208	wkskvp.exe
2208	wkskvp.exe
2208	wkskvp.exe
2208	wkskvp.exe
2768	wlm.exe
2768	wlm.exe
2768	wlm.exe
2768	wlm.exe
2944	wpde.exe
2944	wpde.exe
2944	wpde.exe
2944	wpde.exe
2628	wldly.exe
2628	wldly.exe
2628	wldly.exe
2628	wldly.exe
2888	wxdxo.exe
2888	wxdxo.exe
2888	wxdxo.exe
2888	wxdxo.exe
1216	wscfoa.exe
1216	wscfoa.exe
1216	wscfoa.exe
1216	wscfoa.exe
1044	winbcoo.exe
1044	winbcoo.exe
1044	winbcoo.exe
1044	winbcoo.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wffrtups.exe	wpvvfgl.exe
File created	C:\Windows\SysWOW64\wdmy.exe	wqnl.exe
File created	C:\Windows\SysWOW64\whpxoxnq.exe	cmd.exe
File created	C:\Windows\SysWOW64\wiqlbqe.exe	wwqxlsos.exe
File created	C:\Windows\SysWOW64\wvntro.exe	wbont.exe
File opened for modification	C:\Windows\SysWOW64\wxid.exe	wgmbaj.exe
File opened for modification	C:\Windows\SysWOW64\wqonv.exe	wdxllw.exe
File created	C:\Windows\SysWOW64\wdgbjxxj.exe	wehysav.exe
File created	C:\Windows\SysWOW64\wtotpcmm.exe	wlncqwbcl.exe
File opened for modification	C:\Windows\SysWOW64\winxbt.exe	wrnnufvsc.exe
File created	C:\Windows\SysWOW64\wwrkovkf.exe	wpjejoqu.exe
File opened for modification	C:\Windows\SysWOW64\wpiia.exe	wyiyt.exe
File opened for modification	C:\Windows\SysWOW64\wdantqvcx.exe	wqonv.exe
File opened for modification	C:\Windows\SysWOW64\wxlryriu.exe	wdaask.exe
File created	C:\Windows\SysWOW64\wpquxgtj.exe	wcjeulva.exe
File created	C:\Windows\SysWOW64\wudhxfph.exe	wksia.exe
File opened for modification	C:\Windows\SysWOW64\wxfdg.exe	wudhxfph.exe
File created	C:\Windows\SysWOW64\weqtaubup.exe	wiqlbqe.exe
File created	C:\Windows\SysWOW64\wqbkof.exe	wemgejb.exe
File created	C:\Windows\SysWOW64\wdxllw.exe	wcleve.exe
File created	C:\Windows\SysWOW64\wpvvfgl.exe	wgfom.exe
File created	C:\Windows\SysWOW64\wbulkndlr.exe	wckynp.exe
File opened for modification	C:\Windows\SysWOW64\waxdhd.exe	wvntro.exe
File created	C:\Windows\SysWOW64\wlylac.exe	wqxebwllk.exe
File opened for modification	C:\Windows\SysWOW64\wsfjpps.exe	wcqjodjj.exe
File opened for modification	C:\Windows\SysWOW64\wlylac.exe	wqxebwllk.exe
File created	C:\Windows\SysWOW64\wbdr.exe	wjci.exe
File opened for modification	C:\Windows\SysWOW64\wbdr.exe	wjci.exe
File created	C:\Windows\SysWOW64\wjv.exe	whl.exe
File created	C:\Windows\SysWOW64\wjaaedvv.exe	wjpojfkpn.exe
File opened for modification	C:\Windows\SysWOW64\wdgbjxxj.exe	wehysav.exe
File opened for modification	C:\Windows\SysWOW64\wqnl.exe	wewgyndiu.exe
File created	C:\Windows\SysWOW64\wokbf.exe	wxlryriu.exe
File opened for modification	C:\Windows\SysWOW64\wbulkndlr.exe	wckynp.exe
File opened for modification	C:\Windows\SysWOW64\wwqxlsos.exe	wjtrn.exe
File created	C:\Windows\SysWOW64\wldly.exe	wpde.exe
File created	C:\Windows\SysWOW64\wpcpu.exe	wmf.exe
File opened for modification	C:\Windows\SysWOW64\wpnsvx.exe	wxwsu.exe
File created	C:\Windows\SysWOW64\wimdsm.exe	winbcoo.exe
File opened for modification	C:\Windows\SysWOW64\wcosnigt.exe	wtflhcl.exe
File opened for modification	C:\Windows\SysWOW64\wbjcm.exe	wunmbyl.exe
File created	C:\Windows\SysWOW64\wfhiuoui.exe	wtqus.exe
File created	C:\Windows\SysWOW64\wemgejb.exe	wihjlku.exe
File created	C:\Windows\SysWOW64\wqk.exe	wjvelk.exe
File created	C:\Windows\SysWOW64\wolqa.exe	wjv.exe
File opened for modification	C:\Windows\SysWOW64\wwfvi.exe	wcxmud.exe
File opened for modification	C:\Windows\SysWOW64\wnrc.exe	wjmbyiwi.exe
File created	C:\Windows\SysWOW64\wxwsu.exe	wmmuxnhym.exe
File opened for modification	C:\Windows\SysWOW64\wtdsh.exe	wgnaq.exe
File opened for modification	C:\Windows\SysWOW64\wxmvrv.exe	wllhbxv.exe
File opened for modification	C:\Windows\SysWOW64\wqk.exe	wjvelk.exe
File opened for modification	C:\Windows\SysWOW64\wvajso.exe	wcosnigt.exe
File opened for modification	C:\Windows\SysWOW64\wunmbyl.exe	wmtunr.exe
File created	C:\Windows\SysWOW64\wjtrn.exe	wgkib.exe
File created	C:\Windows\SysWOW64\wxfdg.exe	wudhxfph.exe
File created	C:\Windows\SysWOW64\wrnnufvsc.exe	wbdr.exe
File created	C:\Windows\SysWOW64\wnxsvg.exe	wvwiot.exe
File opened for modification	C:\Windows\SysWOW64\wtflhcl.exe	wlwgcus.exe
File created	C:\Windows\SysWOW64\wvivp.exe	wvajso.exe
File created	C:\Windows\SysWOW64\wcjeulva.exe	wxec.exe
File created	C:\Windows\SysWOW64\wdnebyn.exe	winxbt.exe
File created	C:\Windows\SysWOW64\wqnl.exe	wewgyndiu.exe
File created	C:\Windows\SysWOW64\wnrc.exe	wjmbyiwi.exe
File created	C:\Windows\SysWOW64\wossarv.exe	wmljmdg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2312	1616	WerFault.exe	174

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2104	1732	NEAS.29d44e10f90fa2e903709acc488ba3b0.exe	28
PID 1732 wrote to memory of 2104	1732	NEAS.29d44e10f90fa2e903709acc488ba3b0.exe	28
PID 1732 wrote to memory of 2104	1732	NEAS.29d44e10f90fa2e903709acc488ba3b0.exe	28
PID 1732 wrote to memory of 2104	1732	NEAS.29d44e10f90fa2e903709acc488ba3b0.exe	28
PID 1732 wrote to memory of 2772	1732	NEAS.29d44e10f90fa2e903709acc488ba3b0.exe	29
PID 1732 wrote to memory of 2772	1732	NEAS.29d44e10f90fa2e903709acc488ba3b0.exe	29
PID 1732 wrote to memory of 2772	1732	NEAS.29d44e10f90fa2e903709acc488ba3b0.exe	29
PID 1732 wrote to memory of 2772	1732	NEAS.29d44e10f90fa2e903709acc488ba3b0.exe	29
PID 2104 wrote to memory of 2756	2104	wnxykdc.exe	31
PID 2104 wrote to memory of 2756	2104	wnxykdc.exe	31
PID 2104 wrote to memory of 2756	2104	wnxykdc.exe	31
PID 2104 wrote to memory of 2756	2104	wnxykdc.exe	31
PID 2104 wrote to memory of 2600	2104	wnxykdc.exe	32
PID 2104 wrote to memory of 2600	2104	wnxykdc.exe	32
PID 2104 wrote to memory of 2600	2104	wnxykdc.exe	32
PID 2104 wrote to memory of 2600	2104	wnxykdc.exe	32
PID 2756 wrote to memory of 972	2756	wgmbaj.exe	34
PID 2756 wrote to memory of 972	2756	wgmbaj.exe	34
PID 2756 wrote to memory of 972	2756	wgmbaj.exe	34
PID 2756 wrote to memory of 972	2756	wgmbaj.exe	34
PID 2756 wrote to memory of 1020	2756	wgmbaj.exe	36
PID 2756 wrote to memory of 1020	2756	wgmbaj.exe	36
PID 2756 wrote to memory of 1020	2756	wgmbaj.exe	36
PID 2756 wrote to memory of 1020	2756	wgmbaj.exe	36
PID 972 wrote to memory of 2876	972	wxid.exe	37
PID 972 wrote to memory of 2876	972	wxid.exe	37
PID 972 wrote to memory of 2876	972	wxid.exe	37
PID 972 wrote to memory of 2876	972	wxid.exe	37
PID 972 wrote to memory of 1984	972	wxid.exe	38
PID 972 wrote to memory of 1984	972	wxid.exe	38
PID 972 wrote to memory of 1984	972	wxid.exe	38
PID 972 wrote to memory of 1984	972	wxid.exe	38
PID 2876 wrote to memory of 1108	2876	wgiumy.exe	40
PID 2876 wrote to memory of 1108	2876	wgiumy.exe	40
PID 2876 wrote to memory of 1108	2876	wgiumy.exe	40
PID 2876 wrote to memory of 1108	2876	wgiumy.exe	40
PID 2876 wrote to memory of 1044	2876	wgiumy.exe	41
PID 2876 wrote to memory of 1044	2876	wgiumy.exe	41
PID 2876 wrote to memory of 1044	2876	wgiumy.exe	41
PID 2876 wrote to memory of 1044	2876	wgiumy.exe	41
PID 1108 wrote to memory of 524	1108	wgnaq.exe	43
PID 1108 wrote to memory of 524	1108	wgnaq.exe	43
PID 1108 wrote to memory of 524	1108	wgnaq.exe	43
PID 1108 wrote to memory of 524	1108	wgnaq.exe	43
PID 1108 wrote to memory of 2732	1108	wgnaq.exe	44
PID 1108 wrote to memory of 2732	1108	wgnaq.exe	44
PID 1108 wrote to memory of 2732	1108	wgnaq.exe	44
PID 1108 wrote to memory of 2732	1108	wgnaq.exe	44
PID 524 wrote to memory of 2380	524	wtdsh.exe	46
PID 524 wrote to memory of 2380	524	wtdsh.exe	46
PID 524 wrote to memory of 2380	524	wtdsh.exe	46
PID 524 wrote to memory of 2380	524	wtdsh.exe	46
PID 524 wrote to memory of 976	524	wtdsh.exe	48
PID 524 wrote to memory of 976	524	wtdsh.exe	48
PID 524 wrote to memory of 976	524	wtdsh.exe	48
PID 524 wrote to memory of 976	524	wtdsh.exe	48
PID 2380 wrote to memory of 912	2380	wtuipi.exe	49
PID 2380 wrote to memory of 912	2380	wtuipi.exe	49
PID 2380 wrote to memory of 912	2380	wtuipi.exe	49
PID 2380 wrote to memory of 912	2380	wtuipi.exe	49
PID 2380 wrote to memory of 2976	2380	wtuipi.exe	50
PID 2380 wrote to memory of 2976	2380	wtuipi.exe	50
PID 2380 wrote to memory of 2976	2380	wtuipi.exe	50
PID 2380 wrote to memory of 2976	2380	wtuipi.exe	50

C:\Users\Admin\AppData\Local\Temp\NEAS.29d44e10f90fa2e903709acc488ba3b0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.29d44e10f90fa2e903709acc488ba3b0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\wnxykdc.exe
  "C:\Windows\system32\wnxykdc.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2104
- - C:\Windows\SysWOW64\wgmbaj.exe
    "C:\Windows\system32\wgmbaj.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Windows\SysWOW64\wxid.exe
      "C:\Windows\system32\wxid.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:972
    - - C:\Windows\SysWOW64\wgiumy.exe
        
        "C:\Windows\system32\wgiumy.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2876
      - C:\Windows\SysWOW64\wgnaq.exe
        
        "C:\Windows\system32\wgnaq.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1108
        
        C:\Windows\SysWOW64\wtdsh.exe
        
        "C:\Windows\system32\wtdsh.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:524
        
        C:\Windows\SysWOW64\wtuipi.exe
        
        "C:\Windows\system32\wtuipi.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2380
        
        C:\Windows\SysWOW64\wuhohb.exe
        
        "C:\Windows\system32\wuhohb.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:912
        
        C:\Windows\SysWOW64\wkskvp.exe
        
        "C:\Windows\system32\wkskvp.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2208
        
        C:\Windows\SysWOW64\wlm.exe
        
        "C:\Windows\system32\wlm.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2768
        
        C:\Windows\SysWOW64\wpde.exe
        
        "C:\Windows\system32\wpde.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2944
        
        C:\Windows\SysWOW64\wldly.exe
        
        "C:\Windows\system32\wldly.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2628
        
        C:\Windows\SysWOW64\wxdxo.exe
        
        "C:\Windows\system32\wxdxo.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2888
        
        C:\Windows\SysWOW64\wscfoa.exe
        
        "C:\Windows\system32\wscfoa.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1216
        
        C:\Windows\SysWOW64\winbcoo.exe
        
        "C:\Windows\system32\winbcoo.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1044
        
        C:\Windows\SysWOW64\wimdsm.exe
        
        "C:\Windows\system32\wimdsm.exe"
        17⤵
        Executes dropped EXE
        
        PID:568
        
        C:\Windows\SysWOW64\wxwyhbu.exe
        
        "C:\Windows\system32\wxwyhbu.exe"
        18⤵
        Executes dropped EXE
        
        PID:2648
        
        C:\Windows\SysWOW64\wlncqwbcl.exe
        
        "C:\Windows\system32\wlncqwbcl.exe"
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2484
        
        C:\Windows\SysWOW64\wtotpcmm.exe
        
        "C:\Windows\system32\wtotpcmm.exe"
        20⤵
        Executes dropped EXE
        
        PID:2268
        
        C:\Windows\SysWOW64\wcleve.exe
        
        "C:\Windows\system32\wcleve.exe"
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2636
        
        C:\Windows\SysWOW64\wdxllw.exe
        
        "C:\Windows\system32\wdxllw.exe"
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2552
        
        C:\Windows\SysWOW64\wqonv.exe
        
        "C:\Windows\system32\wqonv.exe"
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:932
        
        C:\Windows\SysWOW64\wdantqvcx.exe
        
        "C:\Windows\system32\wdantqvcx.exe"
        24⤵
        Executes dropped EXE
        
        PID:844
        
        C:\Windows\SysWOW64\wgfom.exe
        
        "C:\Windows\system32\wgfom.exe"
        25⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1200
        
        C:\Windows\SysWOW64\wpvvfgl.exe
        
        "C:\Windows\system32\wpvvfgl.exe"
        26⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2972
        
        C:\Windows\SysWOW64\wffrtups.exe
        
        "C:\Windows\system32\wffrtups.exe"
        27⤵
        Executes dropped EXE
        
        PID:1760
        
        C:\Windows\SysWOW64\wjwdvinx.exe
        
        "C:\Windows\system32\wjwdvinx.exe"
        28⤵
        Executes dropped EXE
        
        PID:2164
        
        C:\Windows\SysWOW64\wjci.exe
        
        "C:\Windows\system32\wjci.exe"
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1352
        
        C:\Windows\SysWOW64\wbdr.exe
        
        "C:\Windows\system32\wbdr.exe"
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:320
        
        C:\Windows\SysWOW64\wrnnufvsc.exe
        
        "C:\Windows\system32\wrnnufvsc.exe"
        31⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2816
        
        C:\Windows\SysWOW64\winxbt.exe
        
        "C:\Windows\system32\winxbt.exe"
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2820
        
        C:\Windows\SysWOW64\wdnebyn.exe
        
        "C:\Windows\system32\wdnebyn.exe"
        33⤵
        Executes dropped EXE
        
        PID:2836
        
        C:\Windows\SysWOW64\wytnmdtwv.exe
        
        "C:\Windows\system32\wytnmdtwv.exe"
        34⤵
        Executes dropped EXE
        
        PID:2868
        
        C:\Windows\SysWOW64\wckynp.exe
        
        "C:\Windows\system32\wckynp.exe"
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2792
        
        C:\Windows\SysWOW64\wbulkndlr.exe
        
        "C:\Windows\system32\wbulkndlr.exe"
        36⤵
        Executes dropped EXE
        
        PID:2912
        
        C:\Windows\SysWOW64\wgkxla.exe
        
        "C:\Windows\system32\wgkxla.exe"
        37⤵
        Executes dropped EXE
        
        PID:2412
        
        C:\Windows\SysWOW64\wmf.exe
        
        "C:\Windows\system32\wmf.exe"
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:940
        
        C:\Windows\SysWOW64\wpcpu.exe
        
        "C:\Windows\system32\wpcpu.exe"
        39⤵
        Executes dropped EXE
        
        PID:848
        
        C:\Windows\SysWOW64\wllhbxv.exe
        
        "C:\Windows\system32\wllhbxv.exe"
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2252
        
        C:\Windows\SysWOW64\wxmvrv.exe
        
        "C:\Windows\system32\wxmvrv.exe"
        41⤵
        Executes dropped EXE
        
        PID:1520
        
        C:\Windows\SysWOW64\wvwiot.exe
        
        "C:\Windows\system32\wvwiot.exe"
        42⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2664
        
        C:\Windows\SysWOW64\wnxsvg.exe
        
        "C:\Windows\system32\wnxsvg.exe"
        43⤵
        Executes dropped EXE
        
        PID:2068
        
        C:\Windows\SysWOW64\wjvyumo.exe
        
        "C:\Windows\system32\wjvyumo.exe"
        44⤵
        Executes dropped EXE
        
        PID:1280
        
        C:\Windows\SysWOW64\wjvelk.exe
        
        "C:\Windows\system32\wjvelk.exe"
        45⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2904
        
        C:\Windows\SysWOW64\wqk.exe
        
        "C:\Windows\system32\wqk.exe"
        46⤵
        Executes dropped EXE
        
        PID:1980
        
        C:\Windows\SysWOW64\whl.exe
        
        "C:\Windows\system32\whl.exe"
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2124
        
        C:\Windows\SysWOW64\wjv.exe
        
        "C:\Windows\system32\wjv.exe"
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2352
        
        C:\Windows\SysWOW64\wolqa.exe
        
        "C:\Windows\system32\wolqa.exe"
        49⤵
        Executes dropped EXE
        
        PID:2440
        
        C:\Windows\SysWOW64\wnuewcl.exe
        
        "C:\Windows\system32\wnuewcl.exe"
        50⤵
        Executes dropped EXE
        
        PID:1616
        
        C:\Windows\SysWOW64\wavsmxc.exe
        
        "C:\Windows\system32\wavsmxc.exe"
        51⤵
        Executes dropped EXE
        
        PID:1364
        
        C:\Windows\SysWOW64\wlwgcus.exe
        
        "C:\Windows\system32\wlwgcus.exe"
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2772
        
        C:\Windows\SysWOW64\wtflhcl.exe
        
        "C:\Windows\system32\wtflhcl.exe"
        53⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2740
        
        C:\Windows\SysWOW64\wcosnigt.exe
        
        "C:\Windows\system32\wcosnigt.exe"
        54⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2408
        
        C:\Windows\SysWOW64\wvajso.exe
        
        "C:\Windows\system32\wvajso.exe"
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2892
        
        C:\Windows\SysWOW64\wvivp.exe
        
        "C:\Windows\system32\wvivp.exe"
        56⤵
        Executes dropped EXE
        
        PID:2500
        
        C:\Windows\SysWOW64\wysfd.exe
        
        "C:\Windows\system32\wysfd.exe"
        57⤵
        Executes dropped EXE
        
        PID:2912
        
        C:\Windows\SysWOW64\wewgyndiu.exe
        
        "C:\Windows\system32\wewgyndiu.exe"
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1808
        
        C:\Windows\SysWOW64\wqnl.exe
        
        "C:\Windows\system32\wqnl.exe"
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2140
        
        C:\Windows\SysWOW64\wdmy.exe
        
        "C:\Windows\system32\wdmy.exe"
        60⤵
        Executes dropped EXE
        
        PID:1372
        
        C:\Windows\SysWOW64\wcxmud.exe
        
        "C:\Windows\system32\wcxmud.exe"
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2736
        
        C:\Windows\SysWOW64\wwfvi.exe
        
        "C:\Windows\system32\wwfvi.exe"
        62⤵
        Executes dropped EXE
        
        PID:2560
        
        C:\Windows\SysWOW64\wctuqqq.exe
        
        "C:\Windows\system32\wctuqqq.exe"
        63⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Windows\SysWOW64\wdaask.exe
        
        "C:\Windows\system32\wdaask.exe"
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2636
        
        C:\Windows\SysWOW64\wxlryriu.exe
        
        "C:\Windows\system32\wxlryriu.exe"
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1280
        
        C:\Windows\SysWOW64\wokbf.exe
        
        "C:\Windows\system32\wokbf.exe"
        66⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\wsbnhs.exe
        
        "C:\Windows\system32\wsbnhs.exe"
        67⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\wjpojfkpn.exe
        
        "C:\Windows\system32\wjpojfkpn.exe"
        68⤵
        Drops file in System32 directory
        
        PID:1216
        
        C:\Windows\SysWOW64\wjaaedvv.exe
        
        "C:\Windows\system32\wjaaedvv.exe"
        69⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\wekrlj.exe
        
        "C:\Windows\system32\wekrlj.exe"
        70⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\whirrxjxp.exe
        
        "C:\Windows\system32\whirrxjxp.exe"
        71⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\wodheenw.exe
        
        "C:\Windows\system32\wodheenw.exe"
        72⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\wgr.exe
        
        "C:\Windows\system32\wgr.exe"
        73⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\wjmbyiwi.exe
        
        "C:\Windows\system32\wjmbyiwi.exe"
        74⤵
        Drops file in System32 directory
        
        PID:2596
        
        C:\Windows\SysWOW64\wnrc.exe
        
        "C:\Windows\system32\wnrc.exe"
        75⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\wedwhjoev.exe
        
        "C:\Windows\system32\wedwhjoev.exe"
        76⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\wedaxfr.exe
        
        "C:\Windows\system32\wedaxfr.exe"
        77⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\wxbhw.exe
        
        "C:\Windows\system32\wxbhw.exe"
        78⤵
        
        PID:956
        
        C:\Windows\SysWOW64\wkgdhlge.exe
        
        "C:\Windows\system32\wkgdhlge.exe"
        79⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\wqpkm.exe
        
        "C:\Windows\system32\wqpkm.exe"
        80⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\wuysagpn.exe
        
        "C:\Windows\system32\wuysagpn.exe"
        81⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\wmtunr.exe
        
        "C:\Windows\system32\wmtunr.exe"
        82⤵
        Drops file in System32 directory
        
        PID:2776
        
        C:\Windows\SysWOW64\wunmbyl.exe
        
        "C:\Windows\system32\wunmbyl.exe"
        83⤵
        Drops file in System32 directory
        
        PID:2620
        
        C:\Windows\SysWOW64\wbjcm.exe
        
        "C:\Windows\system32\wbjcm.exe"
        84⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\wkqir.exe
        
        "C:\Windows\system32\wkqir.exe"
        85⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkqir.exe"
        86⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\wuktumsx.exe
        
        "C:\Windows\system32\wuktumsx.exe"
        86⤵
        
        PID:584
        
        C:\Windows\SysWOW64\wmatvybw.exe
        
        "C:\Windows\system32\wmatvybw.exe"
        87⤵
        
        PID:676
        
        C:\Windows\SysWOW64\wpjejoqu.exe
        
        "C:\Windows\system32\wpjejoqu.exe"
        88⤵
        Drops file in System32 directory
        
        PID:1396
        
        C:\Windows\SysWOW64\wwrkovkf.exe
        
        "C:\Windows\system32\wwrkovkf.exe"
        89⤵
        
        PID:900
        
        C:\Windows\SysWOW64\wilvrtr.exe
        
        "C:\Windows\system32\wilvrtr.exe"
        90⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\wqfmd.exe
        
        "C:\Windows\system32\wqfmd.exe"
        91⤵
        
        PID:952
        
        C:\Windows\SysWOW64\wtqus.exe
        
        "C:\Windows\system32\wtqus.exe"
        92⤵
        Drops file in System32 directory
        
        PID:2660
        
        C:\Windows\SysWOW64\wfhiuoui.exe
        
        "C:\Windows\system32\wfhiuoui.exe"
        93⤵
        
        PID:896
        
        C:\Windows\SysWOW64\wnmghrlo.exe
        
        "C:\Windows\system32\wnmghrlo.exe"
        94⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\wesyh.exe
        
        "C:\Windows\system32\wesyh.exe"
        95⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\whpxoxnq.exe
        
        "C:\Windows\system32\whpxoxnq.exe"
        96⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\wcoend.exe
        
        "C:\Windows\system32\wcoend.exe"
        97⤵
        
        PID:292
        
        C:\Windows\SysWOW64\wopseayug.exe
        
        "C:\Windows\system32\wopseayug.exe"
        98⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\wjbjkgi.exe
        
        "C:\Windows\system32\wjbjkgi.exe"
        99⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\wbbtrud.exe
        
        "C:\Windows\system32\wbbtrud.exe"
        100⤵
        
        PID:892
        
        C:\Windows\SysWOW64\wijawbwlq.exe
        
        "C:\Windows\system32\wijawbwlq.exe"
        101⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\whsntyi.exe
        
        "C:\Windows\system32\whsntyi.exe"
        102⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\wehysav.exe
        
        "C:\Windows\system32\wehysav.exe"
        103⤵
        Drops file in System32 directory
        
        PID:1516
        
        C:\Windows\SysWOW64\wdgbjxxj.exe
        
        "C:\Windows\system32\wdgbjxxj.exe"
        104⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\wpyomuf.exe
        
        "C:\Windows\system32\wpyomuf.exe"
        105⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\wgkib.exe
        
        "C:\Windows\system32\wgkib.exe"
        106⤵
        Drops file in System32 directory
        
        PID:472
        
        C:\Windows\SysWOW64\wjtrn.exe
        
        "C:\Windows\system32\wjtrn.exe"
        107⤵
        Drops file in System32 directory
        
        PID:2380
        
        C:\Windows\SysWOW64\wwqxlsos.exe
        
        "C:\Windows\system32\wwqxlsos.exe"
        108⤵
        Drops file in System32 directory
        
        PID:1564
        
        C:\Windows\SysWOW64\wiqlbqe.exe
        
        "C:\Windows\system32\wiqlbqe.exe"
        109⤵
        Drops file in System32 directory
        
        PID:1544
        
        C:\Windows\SysWOW64\weqtaubup.exe
        
        "C:\Windows\system32\weqtaubup.exe"
        110⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\wmljmdg.exe
        
        "C:\Windows\system32\wmljmdg.exe"
        111⤵
        Drops file in System32 directory
        
        PID:3032
        
        C:\Windows\SysWOW64\wossarv.exe
        
        "C:\Windows\system32\wossarv.exe"
        112⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\wfbfucxp.exe
        
        "C:\Windows\system32\wfbfucxp.exe"
        113⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\wabms.exe
        
        "C:\Windows\system32\wabms.exe"
        114⤵
        
        PID:908
        
        C:\Windows\SysWOW64\wpetdbsyx.exe
        
        "C:\Windows\system32\wpetdbsyx.exe"
        115⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\wovinvmq.exe
        
        "C:\Windows\system32\wovinvmq.exe"
        116⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\wxec.exe
        
        "C:\Windows\system32\wxec.exe"
        117⤵
        Drops file in System32 directory
        
        PID:832
        
        C:\Windows\SysWOW64\wcjeulva.exe
        
        "C:\Windows\system32\wcjeulva.exe"
        118⤵
        Drops file in System32 directory
        
        PID:1656
        
        C:\Windows\SysWOW64\wpquxgtj.exe
        
        "C:\Windows\system32\wpquxgtj.exe"
        119⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\wcqjodjj.exe
        
        "C:\Windows\system32\wcqjodjj.exe"
        120⤵
        Drops file in System32 directory
        
        PID:1700
        
        C:\Windows\SysWOW64\wsfjpps.exe
        
        "C:\Windows\system32\wsfjpps.exe"
        121⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\wekfaoln.exe
        
        "C:\Windows\system32\wekfaoln.exe"
        122⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\wmodmsdt.exe
        
        "C:\Windows\system32\wmodmsdt.exe"
        123⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\wtiux.exe
        
        "C:\Windows\system32\wtiux.exe"
        124⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\wljeen.exe
        
        "C:\Windows\system32\wljeen.exe"
        125⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\wyfkbh.exe
        
        "C:\Windows\system32\wyfkbh.exe"
        126⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\wksia.exe
        
        "C:\Windows\system32\wksia.exe"
        127⤵
        Drops file in System32 directory
        
        PID:2328
        
        C:\Windows\SysWOW64\wudhxfph.exe
        
        "C:\Windows\system32\wudhxfph.exe"
        128⤵
        Drops file in System32 directory
        
        PID:1596
        
        C:\Windows\SysWOW64\wxfdg.exe
        
        "C:\Windows\system32\wxfdg.exe"
        129⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\wbont.exe
        
        "C:\Windows\system32\wbont.exe"
        130⤵
        Drops file in System32 directory
        
        PID:2268
        
        C:\Windows\SysWOW64\wvntro.exe
        
        "C:\Windows\system32\wvntro.exe"
        131⤵
        Drops file in System32 directory
        
        PID:2932
        
        C:\Windows\SysWOW64\waxdhd.exe
        
        "C:\Windows\system32\waxdhd.exe"
        132⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\wihjlku.exe
        
        "C:\Windows\system32\wihjlku.exe"
        133⤵
        Drops file in System32 directory
        
        PID:1100
        
        C:\Windows\SysWOW64\wemgejb.exe
        
        "C:\Windows\system32\wemgejb.exe"
        134⤵
        Drops file in System32 directory
        
        PID:2176
        
        C:\Windows\SysWOW64\wqbkof.exe
        
        "C:\Windows\system32\wqbkof.exe"
        135⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\wqhnraqtb.exe
        
        "C:\Windows\system32\wqhnraqtb.exe"
        136⤵
        
        PID:396
        
        C:\Windows\SysWOW64\wqxebwllk.exe
        
        "C:\Windows\system32\wqxebwllk.exe"
        137⤵
        Drops file in System32 directory
        
        PID:3048
        
        C:\Windows\SysWOW64\wlylac.exe
        
        "C:\Windows\system32\wlylac.exe"
        138⤵
        
        PID:972
        
        C:\Windows\SysWOW64\wlhywa.exe
        
        "C:\Windows\system32\wlhywa.exe"
        139⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\wtfjdcgb.exe
        
        "C:\Windows\system32\wtfjdcgb.exe"
        140⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\wmmuxnhym.exe
        
        "C:\Windows\system32\wmmuxnhym.exe"
        141⤵
        Drops file in System32 directory
        
        PID:2712
        
        C:\Windows\SysWOW64\wxwsu.exe
        
        "C:\Windows\system32\wxwsu.exe"
        142⤵
        Drops file in System32 directory
        
        PID:1720
        
        C:\Windows\SysWOW64\wpnsvx.exe
        
        "C:\Windows\system32\wpnsvx.exe"
        143⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\wowhsvet.exe
        
        "C:\Windows\system32\wowhsvet.exe"
        144⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\wonvcqyk.exe
        
        "C:\Windows\system32\wonvcqyk.exe"
        145⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\wenhk.exe
        
        "C:\Windows\system32\wenhk.exe"
        146⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\wwqkln.exe
        
        "C:\Windows\system32\wwqkln.exe"
        147⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\waleges.exe
        
        "C:\Windows\system32\waleges.exe"
        148⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\wploorm.exe
        
        "C:\Windows\system32\wploorm.exe"
        149⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\wyiyt.exe
        
        "C:\Windows\system32\wyiyt.exe"
        150⤵
        Drops file in System32 directory
        
        PID:2220
        
        C:\Windows\SysWOW64\wpiia.exe
        
        "C:\Windows\system32\wpiia.exe"
        151⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\wdyolevwd.exe
        
        "C:\Windows\system32\wdyolevwd.exe"
        152⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\wghwxtms.exe
        
        "C:\Windows\system32\wghwxtms.exe"
        153⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\wjjsg.exe
        
        "C:\Windows\system32\wjjsg.exe"
        154⤵
        
        PID:572
        
        C:\Windows\SysWOW64\wnsct.exe
        
        "C:\Windows\system32\wnsct.exe"
        155⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\wmcpr.exe
        
        "C:\Windows\system32\wmcpr.exe"
        156⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\wedax.exe
        
        "C:\Windows\system32\wedax.exe"
        157⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\wqseievr.exe
        
        "C:\Windows\system32\wqseievr.exe"
        158⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\wtbnvsmo.exe
        
        "C:\Windows\system32\wtbnvsmo.exe"
        159⤵
        
        PID:872
        
        C:\Windows\SysWOW64\wuhsaov.exe
        
        "C:\Windows\system32\wuhsaov.exe"
        160⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\wgigqk.exe
        
        "C:\Windows\system32\wgigqk.exe"
        161⤵
        
        PID:892
        
        C:\Windows\SysWOW64\wkqqea.exe
        
        "C:\Windows\system32\wkqqea.exe"
        162⤵
        
        PID:612
        
        C:\Windows\SysWOW64\wbrbmnv.exe
        
        "C:\Windows\system32\wbrbmnv.exe"
        163⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\wqcw.exe
        
        "C:\Windows\system32\wqcw.exe"
        164⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\wlddy.exe
        
        "C:\Windows\system32\wlddy.exe"
        165⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\wercauhh.exe
        
        "C:\Windows\system32\wercauhh.exe"
        166⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\wdjsj.exe
        
        "C:\Windows\system32\wdjsj.exe"
        167⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\wxsjowk.exe
        
        "C:\Windows\system32\wxsjowk.exe"
        168⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\wottwkf.exe
        
        "C:\Windows\system32\wottwkf.exe"
        169⤵
        
        PID:832
        
        C:\Windows\SysWOW64\wrbdlau.exe
        
        "C:\Windows\system32\wrbdlau.exe"
        170⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wottwkf.exe"
        170⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxsjowk.exe"
        169⤵
        
        PID:268
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdjsj.exe"
        168⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wercauhh.exe"
        167⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlddy.exe"
        166⤵
        
        PID:908
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqcw.exe"
        165⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbrbmnv.exe"
        164⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkqqea.exe"
        163⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgigqk.exe"
        162⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuhsaov.exe"
        161⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtbnvsmo.exe"
        160⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqseievr.exe"
        159⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wedax.exe"
        158⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmcpr.exe"
        157⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnsct.exe"
        156⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjjsg.exe"
        155⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wghwxtms.exe"
        154⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdyolevwd.exe"
        153⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpiia.exe"
        152⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyiyt.exe"
        151⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wploorm.exe"
        150⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waleges.exe"
        149⤵
        
        PID:676
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwqkln.exe"
        148⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wenhk.exe"
        147⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wonvcqyk.exe"
        146⤵
        
        PID:908
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wowhsvet.exe"
        145⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpnsvx.exe"
        144⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxwsu.exe"
        143⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmmuxnhym.exe"
        142⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtfjdcgb.exe"
        141⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlhywa.exe"
        140⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlylac.exe"
        139⤵
        
        PID:568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqxebwllk.exe"
        138⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqhnraqtb.exe"
        137⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqbkof.exe"
        136⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wemgejb.exe"
        135⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wihjlku.exe"
        134⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waxdhd.exe"
        133⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvntro.exe"
        132⤵
        
        PID:808
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbont.exe"
        131⤵
        
        PID:880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxfdg.exe"
        130⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wudhxfph.exe"
        129⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wksia.exe"
        128⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyfkbh.exe"
        127⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wljeen.exe"
        126⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtiux.exe"
        125⤵
        
        PID:396
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmodmsdt.exe"
        124⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wekfaoln.exe"
        123⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsfjpps.exe"
        122⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcqjodjj.exe"
        121⤵
        
        PID:640
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpquxgtj.exe"
        120⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcjeulva.exe"
        119⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxec.exe"
        118⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wovinvmq.exe"
        117⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpetdbsyx.exe"
        116⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wabms.exe"
        115⤵
        
        PID:928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfbfucxp.exe"
        114⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wossarv.exe"
        113⤵
        
        PID:588
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmljmdg.exe"
        112⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weqtaubup.exe"
        111⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiqlbqe.exe"
        110⤵
        Blocklisted process makes network request
        
        PID:2140
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwqxlsos.exe"
        109⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjtrn.exe"
        108⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgkib.exe"
        107⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpyomuf.exe"
        106⤵
        Blocklisted process makes network request
        Drops file in System32 directory
        
        PID:1304
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdgbjxxj.exe"
        105⤵
        Blocklisted process makes network request
        
        PID:1588
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wehysav.exe"
        104⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whsntyi.exe"
        103⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wijawbwlq.exe"
        102⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbbtrud.exe"
        101⤵
        
        PID:3004
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjbjkgi.exe"
        100⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wopseayug.exe"
        99⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcoend.exe"
        98⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whpxoxnq.exe"
        97⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wesyh.exe"
        96⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnmghrlo.exe"
        95⤵
        
        PID:928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfhiuoui.exe"
        94⤵
        
        PID:944
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtqus.exe"
        93⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqfmd.exe"
        92⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wilvrtr.exe"
        91⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwrkovkf.exe"
        90⤵
        Blocklisted process makes network request
        
        PID:1484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpjejoqu.exe"
        89⤵
        Blocklisted process makes network request
        
        PID:956
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmatvybw.exe"
        88⤵
        Blocklisted process makes network request
        
        PID:1048
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuktumsx.exe"
        87⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbjcm.exe"
        85⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wunmbyl.exe"
        84⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmtunr.exe"
        83⤵
        
        PID:972
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuysagpn.exe"
        82⤵
        
        PID:612
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqpkm.exe"
        81⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkgdhlge.exe"
        80⤵
        
        PID:756
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxbhw.exe"
        79⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wedaxfr.exe"
        78⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wedwhjoev.exe"
        77⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnrc.exe"
        76⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjmbyiwi.exe"
        75⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgr.exe"
        74⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wodheenw.exe"
        73⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whirrxjxp.exe"
        72⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wekrlj.exe"
        71⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjaaedvv.exe"
        70⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjpojfkpn.exe"
        69⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsbnhs.exe"
        68⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wokbf.exe"
        67⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxlryriu.exe"
        66⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdaask.exe"
        65⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wctuqqq.exe"
        64⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwfvi.exe"
        63⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcxmud.exe"
        62⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdmy.exe"
        61⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqnl.exe"
        60⤵
        
        PID:880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wewgyndiu.exe"
        59⤵
        
        PID:1816
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wysfd.exe"
        58⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvivp.exe"
        57⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvajso.exe"
        56⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcosnigt.exe"
        55⤵
        
        PID:972
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtflhcl.exe"
        54⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlwgcus.exe"
        53⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wavsmxc.exe"
        52⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnuewcl.exe"
        51⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 844
        51⤵
        Program crash
        
        PID:2312
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wolqa.exe"
        50⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjv.exe"
        49⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whl.exe"
        48⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqk.exe"
        47⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjvelk.exe"
        46⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjvyumo.exe"
        45⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnxsvg.exe"
        44⤵
        
        PID:612
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvwiot.exe"
        43⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxmvrv.exe"
        42⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wllhbxv.exe"
        41⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpcpu.exe"
        40⤵
        
        PID:2388
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmf.exe"
        39⤵
        
        PID:900
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgkxla.exe"
        38⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbulkndlr.exe"
        37⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wckynp.exe"
        36⤵
        
        PID:268
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wytnmdtwv.exe"
        35⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdnebyn.exe"
        34⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\winxbt.exe"
        33⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrnnufvsc.exe"
        32⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbdr.exe"
        31⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjci.exe"
        30⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjwdvinx.exe"
        29⤵
        
        PID:564
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wffrtups.exe"
        28⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpvvfgl.exe"
        27⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgfom.exe"
        26⤵
        
        PID:1268
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdantqvcx.exe"
        25⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqonv.exe"
        24⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdxllw.exe"
        23⤵
        
        PID:432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcleve.exe"
        22⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtotpcmm.exe"
        21⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlncqwbcl.exe"
        20⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxwyhbu.exe"
        19⤵
        
        PID:556
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wimdsm.exe"
        18⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\winbcoo.exe"
        17⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wscfoa.exe"
        16⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxdxo.exe"
        15⤵
        
        PID:312
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wldly.exe"
        14⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpde.exe"
        13⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlm.exe"
        12⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkskvp.exe"
        11⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuhohb.exe"
        10⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtuipi.exe"
        9⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtdsh.exe"
        8⤵
        
        PID:976
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgnaq.exe"
        7⤵
        
        PID:2732
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgiumy.exe"
        6⤵
        
        PID:1044
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxid.exe"
        5⤵
        
        PID:1984
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgmbaj.exe"
      4⤵
      PID:1020
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnxykdc.exe"
    3⤵
    PID:2600
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\NEAS.29d44e10f90fa2e903709acc488ba3b0.exe"
  2⤵
  - Deletes itself
  PID:2772

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "191232487124412977-215410012-89991948210154979493986881361184166245952121398"
1⤵
PID:1976

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-3250720282029748051269675231-16646590841510683137-1805240481769619026601968712"
1⤵
PID:2992

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "19860021837948834561386219764181816868319219488891524677232-1631481094637528351"
1⤵
PID:972

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "1075134538-2079094755634987099-867434261915748638-254905686-228998542284629211"
1⤵
PID:292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV4U0ZIU\install[2].htm

Filesize
7KB

MD5
de2cb7023f57d742c0e5ff96070ba265

SHA1
399bb27e5a043e80c784f4a40c243cf31cbd1f5b

SHA256
b30382416de9457126a6d65ac3ac77d3df82c5aa611b55de79506ac96a0b371f

SHA512
0139886128788bda0869a890fd062989cdc1d2b001e9f5c366e7f31d9a8fa18ee819a0e4bb1a4eabe837c3a9bbd478c7a5ef03676ec595936bec0f98d6128069

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\084E0F13.txt

Filesize
98B

MD5
29cf61a3831bf3da170d5d7367848a0b

SHA1
cea93945b5b4b77d0e2445a52aedda9ce22b9227

SHA256
55d354802421993b648256fb9682addf9c30a9090fe6d22c4e3a8edc81575165

SHA512
b2521a3ca4446f534a2c6cfd39353f2d9ce3ed8b4afe2228b1fc7f674b1c6eebad7cd4cb0a6b3b5f94cfd6b36c1fbf05377d5fcd49b96f7b58986bdf9b9db37c

Download Submit
C:\Windows\SysWOW64\wgiumy.exe

Filesize
350KB

MD5
85b4881735c765557bdc9acc55027667

SHA1
42c3624e83bc6f3e86ab3d938eb5d9aa480ab33e

SHA256
0fec7cabea0d72957766d7cb463c9ae3787b493024393038f8d20823659457b4

SHA512
2406844074a52d7324cfb3c7715e62f91a42d22feabdab2aa9d5bef2a9530102badd9a0eb74db59962dee721a4abed9e14a974ea547da475baec284507105a87

Download Submit
C:\Windows\SysWOW64\wgiumy.exe

Filesize
350KB

MD5
85b4881735c765557bdc9acc55027667

SHA1
42c3624e83bc6f3e86ab3d938eb5d9aa480ab33e

SHA256
0fec7cabea0d72957766d7cb463c9ae3787b493024393038f8d20823659457b4

SHA512
2406844074a52d7324cfb3c7715e62f91a42d22feabdab2aa9d5bef2a9530102badd9a0eb74db59962dee721a4abed9e14a974ea547da475baec284507105a87

Download Submit
C:\Windows\SysWOW64\wgmbaj.exe

Filesize
350KB

MD5
77923d7e2a3ab241ca43bc4931c00221

SHA1
ea3cc875071baeddf883de955616aa487c6f6ffd

SHA256
18f3cb09fc11dac36f5d6dbb5750fd5f9ae2a2e484c1245916b4953b4278b15d

SHA512
e8eb7f851fc533905b10e0f861bf504ac1df2bac94704ee437dfcc0e81e27d4aebe940ef39876e411a0904100e9bf243f7df7fcbb1a6d96f30ffc5ec3c01778a

Download Submit
C:\Windows\SysWOW64\wgmbaj.exe

Filesize
350KB

MD5
77923d7e2a3ab241ca43bc4931c00221

SHA1
ea3cc875071baeddf883de955616aa487c6f6ffd

SHA256
18f3cb09fc11dac36f5d6dbb5750fd5f9ae2a2e484c1245916b4953b4278b15d

SHA512
e8eb7f851fc533905b10e0f861bf504ac1df2bac94704ee437dfcc0e81e27d4aebe940ef39876e411a0904100e9bf243f7df7fcbb1a6d96f30ffc5ec3c01778a

Download Submit
C:\Windows\SysWOW64\wgnaq.exe

Filesize
350KB

MD5
50a3429487c82fcc366c225dd3b5793b

SHA1
eb8ed73b9b62d1d666e02228b9596c0465079616

SHA256
2d5ae2266da42cc46e9cf9293f337895d765c96b1573f6a2fb83594fbce3d48f

SHA512
d4b5663575945ff0802af8a3d0fce2082c388dd67b744261c4c7dba16d25221fbc4397b9a0d5881775bf8c0adfc32e6099c10f35be6e568ec3e8ecf49d5a1d93

Download Submit
C:\Windows\SysWOW64\wgnaq.exe

Filesize
350KB

MD5
50a3429487c82fcc366c225dd3b5793b

SHA1
eb8ed73b9b62d1d666e02228b9596c0465079616

SHA256
2d5ae2266da42cc46e9cf9293f337895d765c96b1573f6a2fb83594fbce3d48f

SHA512
d4b5663575945ff0802af8a3d0fce2082c388dd67b744261c4c7dba16d25221fbc4397b9a0d5881775bf8c0adfc32e6099c10f35be6e568ec3e8ecf49d5a1d93

Download Submit
C:\Windows\SysWOW64\wkskvp.exe

Filesize
350KB

MD5
119d6a31349d9657c92fd61615620b49

SHA1
980623596832c1febdcb51da040ec16433028e2a

SHA256
f36415bd73177216a51cd31df029f2b91a46d29f82d12081aa558a6df4a2d33c

SHA512
01b73ec0100f2704d8e872042144109b7ef5845758dfcbfed0b96b6352a86ec79d4f8abd8d88e0cc59ff3cceacecf68996937c10852402b37938d6b15e91ff52

Download Submit
C:\Windows\SysWOW64\wkskvp.exe

Filesize
350KB

MD5
119d6a31349d9657c92fd61615620b49

SHA1
980623596832c1febdcb51da040ec16433028e2a

SHA256
f36415bd73177216a51cd31df029f2b91a46d29f82d12081aa558a6df4a2d33c

SHA512
01b73ec0100f2704d8e872042144109b7ef5845758dfcbfed0b96b6352a86ec79d4f8abd8d88e0cc59ff3cceacecf68996937c10852402b37938d6b15e91ff52

Download Submit
C:\Windows\SysWOW64\wlm.exe

Filesize
350KB

MD5
c44d094170b37efbafb2074678acacaa

SHA1
9a1355a38b6e76c8dc1cc5c12387be94ebffbd9e

SHA256
4e7e6fa4ec7f3c0378ffd8a0a92b9a140368f87f844157d23c9401ac76f3c60e

SHA512
91a306345cf54f864be3dc9711e02526f379f12da7973b8e3538cd573fa89af6eefe69612de4f41886cab652594d4b85c5f48fdf17e7f4ebbf53d419c5eb956b

Download Submit
C:\Windows\SysWOW64\wlm.exe

Filesize
350KB

MD5
c44d094170b37efbafb2074678acacaa

SHA1
9a1355a38b6e76c8dc1cc5c12387be94ebffbd9e

SHA256
4e7e6fa4ec7f3c0378ffd8a0a92b9a140368f87f844157d23c9401ac76f3c60e

SHA512
91a306345cf54f864be3dc9711e02526f379f12da7973b8e3538cd573fa89af6eefe69612de4f41886cab652594d4b85c5f48fdf17e7f4ebbf53d419c5eb956b

Download Submit
C:\Windows\SysWOW64\wnxykdc.exe

Filesize
350KB

MD5
671b7f266bb722438f1b8941e4cf28fe

SHA1
c82f801381e741942a36b64e7a5790bdb171205b

SHA256
3f93b466d788ef9dfeb1631b6326eecb1b5f8764e4cb7975ec3ac3c9140e2e70

SHA512
cc9e0da0f3e61963455da612cc995ea430a88669a35977ac88ca115952b28500563f8c295606b7d419cf6e508cdb832a530b4d361dff989c8f710a314d80fa24

Download Submit
C:\Windows\SysWOW64\wnxykdc.exe

Filesize
350KB

MD5
671b7f266bb722438f1b8941e4cf28fe

SHA1
c82f801381e741942a36b64e7a5790bdb171205b

SHA256
3f93b466d788ef9dfeb1631b6326eecb1b5f8764e4cb7975ec3ac3c9140e2e70

SHA512
cc9e0da0f3e61963455da612cc995ea430a88669a35977ac88ca115952b28500563f8c295606b7d419cf6e508cdb832a530b4d361dff989c8f710a314d80fa24

Download Submit
C:\Windows\SysWOW64\wnxykdc.exe

Filesize
350KB

MD5
671b7f266bb722438f1b8941e4cf28fe

SHA1
c82f801381e741942a36b64e7a5790bdb171205b

SHA256
3f93b466d788ef9dfeb1631b6326eecb1b5f8764e4cb7975ec3ac3c9140e2e70

SHA512
cc9e0da0f3e61963455da612cc995ea430a88669a35977ac88ca115952b28500563f8c295606b7d419cf6e508cdb832a530b4d361dff989c8f710a314d80fa24

Download Submit
C:\Windows\SysWOW64\wtdsh.exe

Filesize
350KB

MD5
b0d19a5a3559d177bff3f4f7c8ea0ff5

SHA1
dd7ae1fadf67a3a7adbf6edfab0b0f56c73f3820

SHA256
218a7588c6842d2dbdd7b6b6810e23f1b10b939b75e2d41f3577dc7c57fd72f8

SHA512
98d194a5cb52f247151adf421cdb003d57c7ae50da9d0a7df009a9d10a07602772d83c215e30609fdb47795e32b6085d1e1844b3fa0bbff128a81af0f91798b7

Download Submit
C:\Windows\SysWOW64\wtdsh.exe

Filesize
350KB

MD5
b0d19a5a3559d177bff3f4f7c8ea0ff5

SHA1
dd7ae1fadf67a3a7adbf6edfab0b0f56c73f3820

SHA256
218a7588c6842d2dbdd7b6b6810e23f1b10b939b75e2d41f3577dc7c57fd72f8

SHA512
98d194a5cb52f247151adf421cdb003d57c7ae50da9d0a7df009a9d10a07602772d83c215e30609fdb47795e32b6085d1e1844b3fa0bbff128a81af0f91798b7

Download Submit
C:\Windows\SysWOW64\wtuipi.exe

Filesize
350KB

MD5
a36f2ab06cb656f455380f1caa9af193

SHA1
150ede4842faaee27beecddbbb718a101c18bc8d

SHA256
40e4897fc7f6ae82c7bd6b2116af39ac429ecb9d07afe614548113b227a7917c

SHA512
9695b305fa02785ed9feb40a0468c50973fa0d9f52e41341047989f09e5bb703718ba71aea0d997358146ab8aecd96e0d91319906f5f437864226ed22cc4d138

Download Submit
C:\Windows\SysWOW64\wtuipi.exe

Filesize
350KB

MD5
a36f2ab06cb656f455380f1caa9af193

SHA1
150ede4842faaee27beecddbbb718a101c18bc8d

SHA256
40e4897fc7f6ae82c7bd6b2116af39ac429ecb9d07afe614548113b227a7917c

SHA512
9695b305fa02785ed9feb40a0468c50973fa0d9f52e41341047989f09e5bb703718ba71aea0d997358146ab8aecd96e0d91319906f5f437864226ed22cc4d138

Download Submit
C:\Windows\SysWOW64\wuhohb.exe

Filesize
350KB

MD5
ab1ec00ccc65835790e6dc3dc92da7a7

SHA1
379e2dd86a8448f90412497e4945f4b36fad13ea

SHA256
fe5c271b58015dcc3ea11850abc27d27c90d8a047ea4c49d71768d906779da4d

SHA512
7a5fc129b7e814c9d14a2974721f7d49ebee7cd74d9ebc7076574030acce550cfbf435d9aaef15b6f9b2bf1968078f550954422e8b4c781a998aab63dd820ad6

Download Submit
C:\Windows\SysWOW64\wuhohb.exe

Filesize
350KB

MD5
ab1ec00ccc65835790e6dc3dc92da7a7

SHA1
379e2dd86a8448f90412497e4945f4b36fad13ea

SHA256
fe5c271b58015dcc3ea11850abc27d27c90d8a047ea4c49d71768d906779da4d

SHA512
7a5fc129b7e814c9d14a2974721f7d49ebee7cd74d9ebc7076574030acce550cfbf435d9aaef15b6f9b2bf1968078f550954422e8b4c781a998aab63dd820ad6

Download Submit
C:\Windows\SysWOW64\wxid.exe

Filesize
350KB

MD5
eec3e9457b66e16403e412d0ae5d37fc

SHA1
30da93ce00ec967245606a5ca0e41a1fa4f7a9a6

SHA256
ad5628b0d01a7ff24a0947f6d43057c6a45dc7729d892693cf0e68e787e62748

SHA512
bcb0d08df646fd6f90027efe42df41b254d4e0089a0e4528f425462e45fd0510aa3f756ca08d6d901ba9dbb3069c3164d497f3d62858a9fbaee1e52f8f9ad0e0

Download Submit
C:\Windows\SysWOW64\wxid.exe

Filesize
350KB

MD5
eec3e9457b66e16403e412d0ae5d37fc

SHA1
30da93ce00ec967245606a5ca0e41a1fa4f7a9a6

SHA256
ad5628b0d01a7ff24a0947f6d43057c6a45dc7729d892693cf0e68e787e62748

SHA512
bcb0d08df646fd6f90027efe42df41b254d4e0089a0e4528f425462e45fd0510aa3f756ca08d6d901ba9dbb3069c3164d497f3d62858a9fbaee1e52f8f9ad0e0

Download Submit
\Windows\SysWOW64\wgiumy.exe

Filesize
350KB

MD5
85b4881735c765557bdc9acc55027667

SHA1
42c3624e83bc6f3e86ab3d938eb5d9aa480ab33e

SHA256
0fec7cabea0d72957766d7cb463c9ae3787b493024393038f8d20823659457b4

SHA512
2406844074a52d7324cfb3c7715e62f91a42d22feabdab2aa9d5bef2a9530102badd9a0eb74db59962dee721a4abed9e14a974ea547da475baec284507105a87

Download Submit
\Windows\SysWOW64\wgiumy.exe

Filesize
350KB

MD5
85b4881735c765557bdc9acc55027667

SHA1
42c3624e83bc6f3e86ab3d938eb5d9aa480ab33e

SHA256
0fec7cabea0d72957766d7cb463c9ae3787b493024393038f8d20823659457b4

SHA512
2406844074a52d7324cfb3c7715e62f91a42d22feabdab2aa9d5bef2a9530102badd9a0eb74db59962dee721a4abed9e14a974ea547da475baec284507105a87

Download Submit
\Windows\SysWOW64\wgiumy.exe

Filesize
350KB

MD5
85b4881735c765557bdc9acc55027667

SHA1
42c3624e83bc6f3e86ab3d938eb5d9aa480ab33e

SHA256
0fec7cabea0d72957766d7cb463c9ae3787b493024393038f8d20823659457b4

SHA512
2406844074a52d7324cfb3c7715e62f91a42d22feabdab2aa9d5bef2a9530102badd9a0eb74db59962dee721a4abed9e14a974ea547da475baec284507105a87

Download Submit
\Windows\SysWOW64\wgiumy.exe

Filesize
350KB

MD5
85b4881735c765557bdc9acc55027667

SHA1
42c3624e83bc6f3e86ab3d938eb5d9aa480ab33e

SHA256
0fec7cabea0d72957766d7cb463c9ae3787b493024393038f8d20823659457b4

SHA512
2406844074a52d7324cfb3c7715e62f91a42d22feabdab2aa9d5bef2a9530102badd9a0eb74db59962dee721a4abed9e14a974ea547da475baec284507105a87

Download Submit
\Windows\SysWOW64\wgmbaj.exe

Filesize
350KB

MD5
77923d7e2a3ab241ca43bc4931c00221

SHA1
ea3cc875071baeddf883de955616aa487c6f6ffd

SHA256
18f3cb09fc11dac36f5d6dbb5750fd5f9ae2a2e484c1245916b4953b4278b15d

SHA512
e8eb7f851fc533905b10e0f861bf504ac1df2bac94704ee437dfcc0e81e27d4aebe940ef39876e411a0904100e9bf243f7df7fcbb1a6d96f30ffc5ec3c01778a

Download Submit
\Windows\SysWOW64\wgmbaj.exe

Filesize
350KB

MD5
77923d7e2a3ab241ca43bc4931c00221

SHA1
ea3cc875071baeddf883de955616aa487c6f6ffd

SHA256
18f3cb09fc11dac36f5d6dbb5750fd5f9ae2a2e484c1245916b4953b4278b15d

SHA512
e8eb7f851fc533905b10e0f861bf504ac1df2bac94704ee437dfcc0e81e27d4aebe940ef39876e411a0904100e9bf243f7df7fcbb1a6d96f30ffc5ec3c01778a

Download Submit
\Windows\SysWOW64\wgmbaj.exe

Filesize
350KB

MD5
77923d7e2a3ab241ca43bc4931c00221

SHA1
ea3cc875071baeddf883de955616aa487c6f6ffd

SHA256
18f3cb09fc11dac36f5d6dbb5750fd5f9ae2a2e484c1245916b4953b4278b15d

SHA512
e8eb7f851fc533905b10e0f861bf504ac1df2bac94704ee437dfcc0e81e27d4aebe940ef39876e411a0904100e9bf243f7df7fcbb1a6d96f30ffc5ec3c01778a

Download Submit
\Windows\SysWOW64\wgmbaj.exe

Filesize
350KB

MD5
77923d7e2a3ab241ca43bc4931c00221

SHA1
ea3cc875071baeddf883de955616aa487c6f6ffd

SHA256
18f3cb09fc11dac36f5d6dbb5750fd5f9ae2a2e484c1245916b4953b4278b15d

SHA512
e8eb7f851fc533905b10e0f861bf504ac1df2bac94704ee437dfcc0e81e27d4aebe940ef39876e411a0904100e9bf243f7df7fcbb1a6d96f30ffc5ec3c01778a

Download Submit
\Windows\SysWOW64\wgnaq.exe

Filesize
350KB

MD5
50a3429487c82fcc366c225dd3b5793b

SHA1
eb8ed73b9b62d1d666e02228b9596c0465079616

SHA256
2d5ae2266da42cc46e9cf9293f337895d765c96b1573f6a2fb83594fbce3d48f

SHA512
d4b5663575945ff0802af8a3d0fce2082c388dd67b744261c4c7dba16d25221fbc4397b9a0d5881775bf8c0adfc32e6099c10f35be6e568ec3e8ecf49d5a1d93

Download Submit
\Windows\SysWOW64\wgnaq.exe

Filesize
350KB

MD5
50a3429487c82fcc366c225dd3b5793b

SHA1
eb8ed73b9b62d1d666e02228b9596c0465079616

SHA256
2d5ae2266da42cc46e9cf9293f337895d765c96b1573f6a2fb83594fbce3d48f

SHA512
d4b5663575945ff0802af8a3d0fce2082c388dd67b744261c4c7dba16d25221fbc4397b9a0d5881775bf8c0adfc32e6099c10f35be6e568ec3e8ecf49d5a1d93

Download Submit
\Windows\SysWOW64\wgnaq.exe

Filesize
350KB

MD5
50a3429487c82fcc366c225dd3b5793b

SHA1
eb8ed73b9b62d1d666e02228b9596c0465079616

SHA256
2d5ae2266da42cc46e9cf9293f337895d765c96b1573f6a2fb83594fbce3d48f

SHA512
d4b5663575945ff0802af8a3d0fce2082c388dd67b744261c4c7dba16d25221fbc4397b9a0d5881775bf8c0adfc32e6099c10f35be6e568ec3e8ecf49d5a1d93

Download Submit
\Windows\SysWOW64\wgnaq.exe

Filesize
350KB

MD5
50a3429487c82fcc366c225dd3b5793b

SHA1
eb8ed73b9b62d1d666e02228b9596c0465079616

SHA256
2d5ae2266da42cc46e9cf9293f337895d765c96b1573f6a2fb83594fbce3d48f

SHA512
d4b5663575945ff0802af8a3d0fce2082c388dd67b744261c4c7dba16d25221fbc4397b9a0d5881775bf8c0adfc32e6099c10f35be6e568ec3e8ecf49d5a1d93

Download Submit
\Windows\SysWOW64\wkskvp.exe

Filesize
350KB

MD5
119d6a31349d9657c92fd61615620b49

SHA1
980623596832c1febdcb51da040ec16433028e2a

SHA256
f36415bd73177216a51cd31df029f2b91a46d29f82d12081aa558a6df4a2d33c

SHA512
01b73ec0100f2704d8e872042144109b7ef5845758dfcbfed0b96b6352a86ec79d4f8abd8d88e0cc59ff3cceacecf68996937c10852402b37938d6b15e91ff52

Download Submit
\Windows\SysWOW64\wkskvp.exe

Filesize
350KB

MD5
119d6a31349d9657c92fd61615620b49

SHA1
980623596832c1febdcb51da040ec16433028e2a

SHA256
f36415bd73177216a51cd31df029f2b91a46d29f82d12081aa558a6df4a2d33c

SHA512
01b73ec0100f2704d8e872042144109b7ef5845758dfcbfed0b96b6352a86ec79d4f8abd8d88e0cc59ff3cceacecf68996937c10852402b37938d6b15e91ff52

Download Submit
\Windows\SysWOW64\wkskvp.exe

Filesize
350KB

MD5
119d6a31349d9657c92fd61615620b49

SHA1
980623596832c1febdcb51da040ec16433028e2a

SHA256
f36415bd73177216a51cd31df029f2b91a46d29f82d12081aa558a6df4a2d33c

SHA512
01b73ec0100f2704d8e872042144109b7ef5845758dfcbfed0b96b6352a86ec79d4f8abd8d88e0cc59ff3cceacecf68996937c10852402b37938d6b15e91ff52

Download Submit
\Windows\SysWOW64\wkskvp.exe

Filesize
350KB

MD5
119d6a31349d9657c92fd61615620b49

SHA1
980623596832c1febdcb51da040ec16433028e2a

SHA256
f36415bd73177216a51cd31df029f2b91a46d29f82d12081aa558a6df4a2d33c

SHA512
01b73ec0100f2704d8e872042144109b7ef5845758dfcbfed0b96b6352a86ec79d4f8abd8d88e0cc59ff3cceacecf68996937c10852402b37938d6b15e91ff52

Download Submit
\Windows\SysWOW64\wlm.exe

Filesize
350KB

MD5
c44d094170b37efbafb2074678acacaa

SHA1
9a1355a38b6e76c8dc1cc5c12387be94ebffbd9e

SHA256
4e7e6fa4ec7f3c0378ffd8a0a92b9a140368f87f844157d23c9401ac76f3c60e

SHA512
91a306345cf54f864be3dc9711e02526f379f12da7973b8e3538cd573fa89af6eefe69612de4f41886cab652594d4b85c5f48fdf17e7f4ebbf53d419c5eb956b

Download Submit
\Windows\SysWOW64\wlm.exe

Filesize
350KB

MD5
c44d094170b37efbafb2074678acacaa

SHA1
9a1355a38b6e76c8dc1cc5c12387be94ebffbd9e

SHA256
4e7e6fa4ec7f3c0378ffd8a0a92b9a140368f87f844157d23c9401ac76f3c60e

SHA512
91a306345cf54f864be3dc9711e02526f379f12da7973b8e3538cd573fa89af6eefe69612de4f41886cab652594d4b85c5f48fdf17e7f4ebbf53d419c5eb956b

Download Submit
\Windows\SysWOW64\wlm.exe

Filesize
350KB

MD5
c44d094170b37efbafb2074678acacaa

SHA1
9a1355a38b6e76c8dc1cc5c12387be94ebffbd9e

SHA256
4e7e6fa4ec7f3c0378ffd8a0a92b9a140368f87f844157d23c9401ac76f3c60e

SHA512
91a306345cf54f864be3dc9711e02526f379f12da7973b8e3538cd573fa89af6eefe69612de4f41886cab652594d4b85c5f48fdf17e7f4ebbf53d419c5eb956b

Download Submit
\Windows\SysWOW64\wlm.exe

Filesize
350KB

MD5
c44d094170b37efbafb2074678acacaa

SHA1
9a1355a38b6e76c8dc1cc5c12387be94ebffbd9e

SHA256
4e7e6fa4ec7f3c0378ffd8a0a92b9a140368f87f844157d23c9401ac76f3c60e

SHA512
91a306345cf54f864be3dc9711e02526f379f12da7973b8e3538cd573fa89af6eefe69612de4f41886cab652594d4b85c5f48fdf17e7f4ebbf53d419c5eb956b

Download Submit
\Windows\SysWOW64\wnxykdc.exe

Filesize
350KB

MD5
671b7f266bb722438f1b8941e4cf28fe

SHA1
c82f801381e741942a36b64e7a5790bdb171205b

SHA256
3f93b466d788ef9dfeb1631b6326eecb1b5f8764e4cb7975ec3ac3c9140e2e70

SHA512
cc9e0da0f3e61963455da612cc995ea430a88669a35977ac88ca115952b28500563f8c295606b7d419cf6e508cdb832a530b4d361dff989c8f710a314d80fa24

Download Submit
\Windows\SysWOW64\wnxykdc.exe

Filesize
350KB

MD5
671b7f266bb722438f1b8941e4cf28fe

SHA1
c82f801381e741942a36b64e7a5790bdb171205b

SHA256
3f93b466d788ef9dfeb1631b6326eecb1b5f8764e4cb7975ec3ac3c9140e2e70

SHA512
cc9e0da0f3e61963455da612cc995ea430a88669a35977ac88ca115952b28500563f8c295606b7d419cf6e508cdb832a530b4d361dff989c8f710a314d80fa24

Download Submit
\Windows\SysWOW64\wnxykdc.exe

Filesize
350KB

MD5
671b7f266bb722438f1b8941e4cf28fe

SHA1
c82f801381e741942a36b64e7a5790bdb171205b

SHA256
3f93b466d788ef9dfeb1631b6326eecb1b5f8764e4cb7975ec3ac3c9140e2e70

SHA512
cc9e0da0f3e61963455da612cc995ea430a88669a35977ac88ca115952b28500563f8c295606b7d419cf6e508cdb832a530b4d361dff989c8f710a314d80fa24

Download Submit
\Windows\SysWOW64\wnxykdc.exe

Filesize
350KB

MD5
671b7f266bb722438f1b8941e4cf28fe

SHA1
c82f801381e741942a36b64e7a5790bdb171205b

SHA256
3f93b466d788ef9dfeb1631b6326eecb1b5f8764e4cb7975ec3ac3c9140e2e70

SHA512
cc9e0da0f3e61963455da612cc995ea430a88669a35977ac88ca115952b28500563f8c295606b7d419cf6e508cdb832a530b4d361dff989c8f710a314d80fa24

Download Submit
\Windows\SysWOW64\wpde.exe

Filesize
350KB

MD5
4755aed866126c207e3699a89a979d62

SHA1
c8abb669996feb74ec7b0192d022fb9fd24c2be0

SHA256
c8b02c19f0a20960028060028497f6de6109f969a55a8f7a4a29ecc7ee02a6b3

SHA512
d4f70158aa7bdeaea2c5236f3965b9a315ed2ed82bceb0ca9766553132ffc22a7328b5f954565f70af0ea2088f85e85ffb6e4d1ce296cc1004f239cd71d12767

Download Submit
\Windows\SysWOW64\wpde.exe

Filesize
350KB

MD5
4755aed866126c207e3699a89a979d62

SHA1
c8abb669996feb74ec7b0192d022fb9fd24c2be0

SHA256
c8b02c19f0a20960028060028497f6de6109f969a55a8f7a4a29ecc7ee02a6b3

SHA512
d4f70158aa7bdeaea2c5236f3965b9a315ed2ed82bceb0ca9766553132ffc22a7328b5f954565f70af0ea2088f85e85ffb6e4d1ce296cc1004f239cd71d12767

Download Submit
\Windows\SysWOW64\wpde.exe

Filesize
350KB

MD5
4755aed866126c207e3699a89a979d62

SHA1
c8abb669996feb74ec7b0192d022fb9fd24c2be0

SHA256
c8b02c19f0a20960028060028497f6de6109f969a55a8f7a4a29ecc7ee02a6b3

SHA512
d4f70158aa7bdeaea2c5236f3965b9a315ed2ed82bceb0ca9766553132ffc22a7328b5f954565f70af0ea2088f85e85ffb6e4d1ce296cc1004f239cd71d12767

Download Submit
\Windows\SysWOW64\wtdsh.exe

Filesize
350KB

MD5
b0d19a5a3559d177bff3f4f7c8ea0ff5

SHA1
dd7ae1fadf67a3a7adbf6edfab0b0f56c73f3820

SHA256
218a7588c6842d2dbdd7b6b6810e23f1b10b939b75e2d41f3577dc7c57fd72f8

SHA512
98d194a5cb52f247151adf421cdb003d57c7ae50da9d0a7df009a9d10a07602772d83c215e30609fdb47795e32b6085d1e1844b3fa0bbff128a81af0f91798b7

Download Submit
\Windows\SysWOW64\wtdsh.exe

Filesize
350KB

MD5
b0d19a5a3559d177bff3f4f7c8ea0ff5

SHA1
dd7ae1fadf67a3a7adbf6edfab0b0f56c73f3820

SHA256
218a7588c6842d2dbdd7b6b6810e23f1b10b939b75e2d41f3577dc7c57fd72f8

SHA512
98d194a5cb52f247151adf421cdb003d57c7ae50da9d0a7df009a9d10a07602772d83c215e30609fdb47795e32b6085d1e1844b3fa0bbff128a81af0f91798b7

Download Submit
\Windows\SysWOW64\wtdsh.exe

Filesize
350KB

MD5
b0d19a5a3559d177bff3f4f7c8ea0ff5

SHA1
dd7ae1fadf67a3a7adbf6edfab0b0f56c73f3820

SHA256
218a7588c6842d2dbdd7b6b6810e23f1b10b939b75e2d41f3577dc7c57fd72f8

SHA512
98d194a5cb52f247151adf421cdb003d57c7ae50da9d0a7df009a9d10a07602772d83c215e30609fdb47795e32b6085d1e1844b3fa0bbff128a81af0f91798b7

Download Submit
\Windows\SysWOW64\wtdsh.exe

Filesize
350KB

MD5
b0d19a5a3559d177bff3f4f7c8ea0ff5

SHA1
dd7ae1fadf67a3a7adbf6edfab0b0f56c73f3820

SHA256
218a7588c6842d2dbdd7b6b6810e23f1b10b939b75e2d41f3577dc7c57fd72f8

SHA512
98d194a5cb52f247151adf421cdb003d57c7ae50da9d0a7df009a9d10a07602772d83c215e30609fdb47795e32b6085d1e1844b3fa0bbff128a81af0f91798b7

Download Submit
\Windows\SysWOW64\wtuipi.exe

Filesize
350KB

MD5
a36f2ab06cb656f455380f1caa9af193

SHA1
150ede4842faaee27beecddbbb718a101c18bc8d

SHA256
40e4897fc7f6ae82c7bd6b2116af39ac429ecb9d07afe614548113b227a7917c

SHA512
9695b305fa02785ed9feb40a0468c50973fa0d9f52e41341047989f09e5bb703718ba71aea0d997358146ab8aecd96e0d91319906f5f437864226ed22cc4d138

Download Submit
\Windows\SysWOW64\wtuipi.exe

Filesize
350KB

MD5
a36f2ab06cb656f455380f1caa9af193

SHA1
150ede4842faaee27beecddbbb718a101c18bc8d

SHA256
40e4897fc7f6ae82c7bd6b2116af39ac429ecb9d07afe614548113b227a7917c

SHA512
9695b305fa02785ed9feb40a0468c50973fa0d9f52e41341047989f09e5bb703718ba71aea0d997358146ab8aecd96e0d91319906f5f437864226ed22cc4d138

Download Submit
\Windows\SysWOW64\wtuipi.exe

Filesize
350KB

MD5
a36f2ab06cb656f455380f1caa9af193

SHA1
150ede4842faaee27beecddbbb718a101c18bc8d

SHA256
40e4897fc7f6ae82c7bd6b2116af39ac429ecb9d07afe614548113b227a7917c

SHA512
9695b305fa02785ed9feb40a0468c50973fa0d9f52e41341047989f09e5bb703718ba71aea0d997358146ab8aecd96e0d91319906f5f437864226ed22cc4d138

Download Submit
\Windows\SysWOW64\wtuipi.exe

Filesize
350KB

MD5
a36f2ab06cb656f455380f1caa9af193

SHA1
150ede4842faaee27beecddbbb718a101c18bc8d

SHA256
40e4897fc7f6ae82c7bd6b2116af39ac429ecb9d07afe614548113b227a7917c

SHA512
9695b305fa02785ed9feb40a0468c50973fa0d9f52e41341047989f09e5bb703718ba71aea0d997358146ab8aecd96e0d91319906f5f437864226ed22cc4d138

Download Submit
\Windows\SysWOW64\wuhohb.exe

Filesize
350KB

MD5
ab1ec00ccc65835790e6dc3dc92da7a7

SHA1
379e2dd86a8448f90412497e4945f4b36fad13ea

SHA256
fe5c271b58015dcc3ea11850abc27d27c90d8a047ea4c49d71768d906779da4d

SHA512
7a5fc129b7e814c9d14a2974721f7d49ebee7cd74d9ebc7076574030acce550cfbf435d9aaef15b6f9b2bf1968078f550954422e8b4c781a998aab63dd820ad6

Download Submit
\Windows\SysWOW64\wuhohb.exe

Filesize
350KB

MD5
ab1ec00ccc65835790e6dc3dc92da7a7

SHA1
379e2dd86a8448f90412497e4945f4b36fad13ea

SHA256
fe5c271b58015dcc3ea11850abc27d27c90d8a047ea4c49d71768d906779da4d

SHA512
7a5fc129b7e814c9d14a2974721f7d49ebee7cd74d9ebc7076574030acce550cfbf435d9aaef15b6f9b2bf1968078f550954422e8b4c781a998aab63dd820ad6

Download Submit
\Windows\SysWOW64\wuhohb.exe

Filesize
350KB

MD5
ab1ec00ccc65835790e6dc3dc92da7a7

SHA1
379e2dd86a8448f90412497e4945f4b36fad13ea

SHA256
fe5c271b58015dcc3ea11850abc27d27c90d8a047ea4c49d71768d906779da4d

SHA512
7a5fc129b7e814c9d14a2974721f7d49ebee7cd74d9ebc7076574030acce550cfbf435d9aaef15b6f9b2bf1968078f550954422e8b4c781a998aab63dd820ad6

Download Submit
\Windows\SysWOW64\wuhohb.exe

Filesize
350KB

MD5
ab1ec00ccc65835790e6dc3dc92da7a7

SHA1
379e2dd86a8448f90412497e4945f4b36fad13ea

SHA256
fe5c271b58015dcc3ea11850abc27d27c90d8a047ea4c49d71768d906779da4d

SHA512
7a5fc129b7e814c9d14a2974721f7d49ebee7cd74d9ebc7076574030acce550cfbf435d9aaef15b6f9b2bf1968078f550954422e8b4c781a998aab63dd820ad6

Download Submit
\Windows\SysWOW64\wxid.exe

Filesize
350KB

MD5
eec3e9457b66e16403e412d0ae5d37fc

SHA1
30da93ce00ec967245606a5ca0e41a1fa4f7a9a6

SHA256
ad5628b0d01a7ff24a0947f6d43057c6a45dc7729d892693cf0e68e787e62748

SHA512
bcb0d08df646fd6f90027efe42df41b254d4e0089a0e4528f425462e45fd0510aa3f756ca08d6d901ba9dbb3069c3164d497f3d62858a9fbaee1e52f8f9ad0e0

Download Submit
\Windows\SysWOW64\wxid.exe

Filesize
350KB

MD5
eec3e9457b66e16403e412d0ae5d37fc

SHA1
30da93ce00ec967245606a5ca0e41a1fa4f7a9a6

SHA256
ad5628b0d01a7ff24a0947f6d43057c6a45dc7729d892693cf0e68e787e62748

SHA512
bcb0d08df646fd6f90027efe42df41b254d4e0089a0e4528f425462e45fd0510aa3f756ca08d6d901ba9dbb3069c3164d497f3d62858a9fbaee1e52f8f9ad0e0

Download Submit
\Windows\SysWOW64\wxid.exe

Filesize
350KB

MD5
eec3e9457b66e16403e412d0ae5d37fc

SHA1
30da93ce00ec967245606a5ca0e41a1fa4f7a9a6

SHA256
ad5628b0d01a7ff24a0947f6d43057c6a45dc7729d892693cf0e68e787e62748

SHA512
bcb0d08df646fd6f90027efe42df41b254d4e0089a0e4528f425462e45fd0510aa3f756ca08d6d901ba9dbb3069c3164d497f3d62858a9fbaee1e52f8f9ad0e0

Download Submit
\Windows\SysWOW64\wxid.exe

Filesize
350KB

MD5
eec3e9457b66e16403e412d0ae5d37fc

SHA1
30da93ce00ec967245606a5ca0e41a1fa4f7a9a6

SHA256
ad5628b0d01a7ff24a0947f6d43057c6a45dc7729d892693cf0e68e787e62748

SHA512
bcb0d08df646fd6f90027efe42df41b254d4e0089a0e4528f425462e45fd0510aa3f756ca08d6d901ba9dbb3069c3164d497f3d62858a9fbaee1e52f8f9ad0e0

Download Submit
memory/524-144-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/524-142-0x00000000032A0000-0x00000000032C4000-memory.dmp

Filesize
144KB

Download
memory/524-141-0x00000000032A0000-0x00000000032C4000-memory.dmp

Filesize
144KB

Download
memory/524-140-0x00000000032A0000-0x00000000032C4000-memory.dmp

Filesize
144KB

Download
memory/568-306-0x0000000003C80000-0x0000000003CA4000-memory.dmp

Filesize
144KB

Download
memory/568-315-0x0000000003C80000-0x0000000003CA4000-memory.dmp

Filesize
144KB

Download
memory/568-300-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/568-314-0x0000000003C80000-0x0000000003CA4000-memory.dmp

Filesize
144KB

Download
memory/912-179-0x0000000003DD0000-0x0000000003DF4000-memory.dmp

Filesize
144KB

Download
memory/912-185-0x0000000003DD0000-0x0000000003DF4000-memory.dmp

Filesize
144KB

Download
memory/912-186-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/912-168-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/972-84-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/972-80-0x0000000003BD0000-0x0000000003BF4000-memory.dmp

Filesize
144KB

Download
memory/972-64-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1044-295-0x0000000003C50000-0x0000000003C74000-memory.dmp

Filesize
144KB

Download
memory/1044-301-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1044-286-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1044-299-0x0000000003C50000-0x0000000003C74000-memory.dmp

Filesize
144KB

Download
memory/1108-104-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1108-123-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1108-116-0x0000000003C00000-0x0000000003C24000-memory.dmp

Filesize
144KB

Download
memory/1216-284-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1216-285-0x0000000003C90000-0x0000000003CB4000-memory.dmp

Filesize
144KB

Download
memory/1216-278-0x0000000003C90000-0x0000000003CB4000-memory.dmp

Filesize
144KB

Download
memory/1216-283-0x0000000003C90000-0x0000000003CB4000-memory.dmp

Filesize
144KB

Download
memory/1216-270-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1732-18-0x0000000003D90000-0x0000000003DB4000-memory.dmp

Filesize
144KB

Download
memory/1732-0-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/1732-11-0x0000000003C90000-0x0000000003CB4000-memory.dmp

Filesize
144KB

Download
memory/1732-21-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2104-32-0x0000000003C80000-0x0000000003CA4000-memory.dmp

Filesize
144KB

Download
memory/2104-41-0x0000000003C80000-0x0000000003CA4000-memory.dmp

Filesize
144KB

Download
memory/2104-39-0x0000000003C80000-0x0000000003CA4000-memory.dmp

Filesize
144KB

Download
memory/2104-43-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2208-201-0x0000000003B50000-0x0000000003B74000-memory.dmp

Filesize
144KB

Download
memory/2208-208-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2208-188-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2208-206-0x0000000003B50000-0x0000000003B74000-memory.dmp

Filesize
144KB

Download
memory/2380-158-0x0000000003C80000-0x0000000003CA4000-memory.dmp

Filesize
144KB

Download
memory/2380-145-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2380-152-0x0000000003C80000-0x0000000003CA4000-memory.dmp

Filesize
144KB

Download
memory/2380-165-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2380-167-0x0000000003C80000-0x0000000003CA4000-memory.dmp

Filesize
144KB

Download
memory/2628-252-0x0000000003D80000-0x0000000003DA4000-memory.dmp

Filesize
144KB

Download
memory/2628-247-0x0000000003C70000-0x0000000003C94000-memory.dmp

Filesize
144KB

Download
memory/2628-254-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2628-238-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2756-42-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2756-60-0x0000000003CD0000-0x0000000003CF4000-memory.dmp

Filesize
144KB

Download
memory/2756-62-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2768-224-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2876-102-0x00000000037C0000-0x00000000037E4000-memory.dmp

Filesize
144KB

Download
memory/2876-103-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2876-90-0x00000000037C0000-0x00000000037E4000-memory.dmp

Filesize
144KB

Download
memory/2876-82-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2888-263-0x0000000003C80000-0x0000000003CA4000-memory.dmp

Filesize
144KB

Download
memory/2888-268-0x0000000003C80000-0x0000000003CA4000-memory.dmp

Filesize
144KB

Download
memory/2888-269-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2888-267-0x0000000003C80000-0x0000000003CA4000-memory.dmp

Filesize
144KB

Download
memory/2888-253-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2944-239-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/2944-237-0x0000000003EC0000-0x0000000003EE4000-memory.dmp

Filesize
144KB

Download
memory/2944-225-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download