6fc731fdc75b2bc1a873afa63283be5dd9e8db4c78b8e829fb2d099275f77754

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2023 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.a561882ae24e57905a0b4ab2aa1a0118.exe
Size

96KB
MD5

a561882ae24e57905a0b4ab2aa1a0118
SHA1

3d1faa78f83d027c2a4de2c242c50d124ffc1288
SHA256

6fc731fdc75b2bc1a873afa63283be5dd9e8db4c78b8e829fb2d099275f77754
SHA512

3290b707a4f626c34d0e9287d9094d897d2f6932475756ff880bb4dc7d5f057af51fa34883f037f23724d30a11c70697a980d03c6779e89d717b6b03fbf64f52
SSDEEP

1536:2zfXIsxrhzk2nfsW3ou3yWW2dvcW6eHcBwUi6vWE0Dl27b58XBdqaMm:yfjxrhzk2nfsWhP7dvavi6vWEbh8Xv

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	whikim.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wgmnpfuh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wdmfkwe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wntilslv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wkcclo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wsdirv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wahvayl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wwfds.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	whpmbv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wgbvblps.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	woptmb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wsl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	whfixyci.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wuqjnt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wxrqdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wlcohuvp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wnaslxb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wxxn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wqspd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	weoahkr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wclctt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wvquuy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wmfvkl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wyrx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wsbrp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wckc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wasfjifqw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	whkcst.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wwowyb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wyaf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wwcfumq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wugpjoy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wofkfcgm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wyicsbv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	whwxv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wvak.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wklugiv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	woxy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wevvun.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	weccsttmy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wnajrk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wboopedd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wlqm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wjdysrdp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wdlsnauy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wrofh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	werhe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wbqfd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wahnxyg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wmwca.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wsuqxqyd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wpesdtw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wwpnbqq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wfnieenx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wwajx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wxv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wwpfqdu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wapoqxk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wjqshgkd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wdr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wrwsi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	NEAS.a561882ae24e57905a0b4ab2aa1a0118.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wrnrejgnb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation	wued.exe

Executes dropped EXE 64 IoCs

pid	Process
4724	weccsttmy.exe
2476	wnajrk.exe
1264	wmwca.exe
1352	whfixyci.exe
4060	wyrx.exe
4240	wntilslv.exe
1956	wboopedd.exe
2908	wapoqxk.exe
1488	werhe.exe
3456	wsuqxqyd.exe
3356	wuqjnt.exe
2620	whikim.exe
1008	wsbrp.exe
3664	whwxv.exe
2812	wgmnpfuh.exe
3776	wxrqdl.exe
3844	wued.exe
856	wkcclo.exe
2228	wjqshgkd.exe
4408	wdr.exe
5064	wugpjoy.exe
2832	wlcohuvp.exe
4840	wsdirv.exe
1428	wbqfd.exe
4528	wrwsi.exe
3356	wnaslxb.exe
3420	wfnieenx.exe
3316	wahvayl.exe
1736	wwajx.exe
3544	wvak.exe
4860	wuxd.exe
1756	wofkfcgm.exe
2936	wclctt.exe
4528	wxxn.exe
5004	wthuapi.exe
1072	wwfds.exe
3224	wklugiv.exe
4724	wqspd.exe
2424	wlqm.exe
4744	wxv.exe
540	whkcst.exe
1572	wyicsbv.exe
1564	woxy.exe
2068	wwpfqdu.exe
4444	wjdysrdp.exe
3756	wahnxyg.exe
4616	wvquuy.exe
1204	wdmfkwe.exe
1956	weoahkr.exe
4720	wdlsnauy.exe
2312	wwowyb.exe
2004	wmfvkl.exe
4060	wpesdtw.exe
3940	wyaf.exe
3888	wwcfumq.exe
1972	wrnrejgnb.exe
3756	wjlrdp.exe
3804	wrofh.exe
1696	whpmbv.exe
2264	wgbvblps.exe
1652	wckc.exe
2320	woptmb.exe
1724	wsl.exe
4844	wasfjifqw.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\whfixyci.exe	wmwca.exe
File opened for modification	C:\Windows\SysWOW64\wued.exe	wxrqdl.exe
File created	C:\Windows\SysWOW64\wqspd.exe	wklugiv.exe
File created	C:\Windows\SysWOW64\wntilslv.exe	wyrx.exe
File created	C:\Windows\SysWOW64\wofkfcgm.exe	wuxd.exe
File created	C:\Windows\SysWOW64\wthuapi.exe	wxxn.exe
File opened for modification	C:\Windows\SysWOW64\wdr.exe	wjqshgkd.exe
File opened for modification	C:\Windows\SysWOW64\wwajx.exe	wahvayl.exe
File created	C:\Windows\SysWOW64\wrnrejgnb.exe	wwcfumq.exe
File opened for modification	C:\Windows\SysWOW64\wwpnbqq.exe	wevvun.exe
File created	C:\Windows\SysWOW64\wuqocj.exe	wwpnbqq.exe
File created	C:\Windows\SysWOW64\wdr.exe	wjqshgkd.exe
File created	C:\Windows\SysWOW64\wsdirv.exe	wlcohuvp.exe
File opened for modification	C:\Windows\SysWOW64\wwpfqdu.exe	woxy.exe
File opened for modification	C:\Windows\SysWOW64\wdlsnauy.exe	weoahkr.exe
File created	C:\Windows\SysWOW64\wwpnbqq.exe	wevvun.exe
File opened for modification	C:\Windows\SysWOW64\wntilslv.exe	wyrx.exe
File opened for modification	C:\Windows\SysWOW64\woptmb.exe	wckc.exe
File created	C:\Windows\SysWOW64\wboopedd.exe	wntilslv.exe
File created	C:\Windows\SysWOW64\wmfvkl.exe	wwowyb.exe
File opened for modification	C:\Windows\SysWOW64\whikim.exe	wuqjnt.exe
File created	C:\Windows\SysWOW64\wwcfumq.exe	wyaf.exe
File opened for modification	C:\Windows\SysWOW64\wgbvblps.exe	whpmbv.exe
File created	C:\Windows\SysWOW64\wapoqxk.exe	wboopedd.exe
File opened for modification	C:\Windows\SysWOW64\werhe.exe	wapoqxk.exe
File opened for modification	C:\Windows\SysWOW64\wuxd.exe	wvak.exe
File created	C:\Windows\SysWOW64\whkcst.exe	wxv.exe
File created	C:\Windows\SysWOW64\wdmfkwe.exe	wvquuy.exe
File created	C:\Windows\SysWOW64\wgmnpfuh.exe	whwxv.exe
File created	C:\Windows\SysWOW64\wrwsi.exe	wbqfd.exe
File opened for modification	C:\Windows\SysWOW64\wxv.exe	wlqm.exe
File created	C:\Windows\SysWOW64\wvak.exe	wwajx.exe
File created	C:\Windows\SysWOW64\wtohjy.exe	wuqocj.exe
File opened for modification	C:\Windows\SysWOW64\wkcclo.exe	wued.exe
File opened for modification	C:\Windows\SysWOW64\wqspd.exe	wklugiv.exe
File created	C:\Windows\SysWOW64\wjdysrdp.exe	wwpfqdu.exe
File created	C:\Windows\SysWOW64\wevvun.exe	wasfjifqw.exe
File created	C:\Windows\SysWOW64\werhe.exe	wapoqxk.exe
File created	C:\Windows\SysWOW64\wbqfd.exe	wsdirv.exe
File opened for modification	C:\Windows\SysWOW64\wyaf.exe	wpesdtw.exe
File created	C:\Windows\SysWOW64\whpmbv.exe	wrofh.exe
File opened for modification	C:\Windows\SysWOW64\wckc.exe	wgbvblps.exe
File opened for modification	C:\Windows\SysWOW64\wyrx.exe	whfixyci.exe
File created	C:\Windows\SysWOW64\wlcohuvp.exe	wugpjoy.exe
File created	C:\Windows\SysWOW64\wmwca.exe	wnajrk.exe
File opened for modification	C:\Windows\SysWOW64\wbqfd.exe	wsdirv.exe
File created	C:\Windows\SysWOW64\wwfds.exe	wthuapi.exe
File opened for modification	C:\Windows\SysWOW64\wrofh.exe	wjlrdp.exe
File created	C:\Windows\SysWOW64\woptmb.exe	wckc.exe
File opened for modification	C:\Windows\SysWOW64\wnajrk.exe	weccsttmy.exe
File created	C:\Windows\SysWOW64\whikim.exe	wuqjnt.exe
File opened for modification	C:\Windows\SysWOW64\wlcohuvp.exe	wugpjoy.exe
File opened for modification	C:\Windows\SysWOW64\wahvayl.exe	wfnieenx.exe
File opened for modification	C:\Windows\SysWOW64\wxxn.exe	wclctt.exe
File created	C:\Windows\SysWOW64\wwajx.exe	wahvayl.exe
File opened for modification	C:\Windows\SysWOW64\wpesdtw.exe	wmfvkl.exe
File opened for modification	C:\Windows\SysWOW64\wwcfumq.exe	wyaf.exe
File created	C:\Windows\SysWOW64\wkcclo.exe	wued.exe
File created	C:\Windows\SysWOW64\wklugiv.exe	wwfds.exe
File created	C:\Windows\SysWOW64\wwowyb.exe	wdlsnauy.exe
File created	C:\Windows\SysWOW64\wsl.exe	woptmb.exe
File created	C:\Windows\SysWOW64\wfnieenx.exe	wnaslxb.exe
File opened for modification	C:\Windows\SysWOW64\wthuapi.exe	wxxn.exe
File created	C:\Windows\SysWOW64\weoahkr.exe	wdmfkwe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
3456	4724	WerFault.exe	89
1436	3456	WerFault.exe	125
4864	4528	WerFault.exe	181
3496	4860	WerFault.exe	201
1564	1724	WerFault.exe	300

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 4724	4452	NEAS.a561882ae24e57905a0b4ab2aa1a0118.exe	89
PID 4452 wrote to memory of 4724	4452	NEAS.a561882ae24e57905a0b4ab2aa1a0118.exe	89
PID 4452 wrote to memory of 4724	4452	NEAS.a561882ae24e57905a0b4ab2aa1a0118.exe	89
PID 4452 wrote to memory of 3188	4452	NEAS.a561882ae24e57905a0b4ab2aa1a0118.exe	91
PID 4452 wrote to memory of 3188	4452	NEAS.a561882ae24e57905a0b4ab2aa1a0118.exe	91
PID 4452 wrote to memory of 3188	4452	NEAS.a561882ae24e57905a0b4ab2aa1a0118.exe	91
PID 4724 wrote to memory of 2476	4724	weccsttmy.exe	95
PID 4724 wrote to memory of 2476	4724	weccsttmy.exe	95
PID 4724 wrote to memory of 2476	4724	weccsttmy.exe	95
PID 4724 wrote to memory of 3804	4724	weccsttmy.exe	96
PID 4724 wrote to memory of 3804	4724	weccsttmy.exe	96
PID 4724 wrote to memory of 3804	4724	weccsttmy.exe	96
PID 2476 wrote to memory of 1264	2476	wnajrk.exe	102
PID 2476 wrote to memory of 1264	2476	wnajrk.exe	102
PID 2476 wrote to memory of 1264	2476	wnajrk.exe	102
PID 2476 wrote to memory of 2224	2476	wnajrk.exe	103
PID 2476 wrote to memory of 2224	2476	wnajrk.exe	103
PID 2476 wrote to memory of 2224	2476	wnajrk.exe	103
PID 1264 wrote to memory of 1352	1264	wmwca.exe	106
PID 1264 wrote to memory of 1352	1264	wmwca.exe	106
PID 1264 wrote to memory of 1352	1264	wmwca.exe	106
PID 1264 wrote to memory of 3752	1264	wmwca.exe	107
PID 1264 wrote to memory of 3752	1264	wmwca.exe	107
PID 1264 wrote to memory of 3752	1264	wmwca.exe	107
PID 1352 wrote to memory of 4060	1352	whfixyci.exe	109
PID 1352 wrote to memory of 4060	1352	whfixyci.exe	109
PID 1352 wrote to memory of 4060	1352	whfixyci.exe	109
PID 1352 wrote to memory of 1296	1352	whfixyci.exe	111
PID 1352 wrote to memory of 1296	1352	whfixyci.exe	111
PID 1352 wrote to memory of 1296	1352	whfixyci.exe	111
PID 4060 wrote to memory of 4240	4060	wyrx.exe	113
PID 4060 wrote to memory of 4240	4060	wyrx.exe	113
PID 4060 wrote to memory of 4240	4060	wyrx.exe	113
PID 4060 wrote to memory of 1756	4060	wyrx.exe	114
PID 4060 wrote to memory of 1756	4060	wyrx.exe	114
PID 4060 wrote to memory of 1756	4060	wyrx.exe	114
PID 4240 wrote to memory of 1956	4240	wntilslv.exe	116
PID 4240 wrote to memory of 1956	4240	wntilslv.exe	116
PID 4240 wrote to memory of 1956	4240	wntilslv.exe	116
PID 4240 wrote to memory of 3756	4240	wntilslv.exe	117
PID 4240 wrote to memory of 3756	4240	wntilslv.exe	117
PID 4240 wrote to memory of 3756	4240	wntilslv.exe	117
PID 1956 wrote to memory of 2908	1956	wboopedd.exe	119
PID 1956 wrote to memory of 2908	1956	wboopedd.exe	119
PID 1956 wrote to memory of 2908	1956	wboopedd.exe	119
PID 1956 wrote to memory of 2184	1956	wboopedd.exe	120
PID 1956 wrote to memory of 2184	1956	wboopedd.exe	120
PID 1956 wrote to memory of 2184	1956	wboopedd.exe	120
PID 2908 wrote to memory of 1488	2908	wapoqxk.exe	122
PID 2908 wrote to memory of 1488	2908	wapoqxk.exe	122
PID 2908 wrote to memory of 1488	2908	wapoqxk.exe	122
PID 2908 wrote to memory of 5068	2908	wapoqxk.exe	123
PID 2908 wrote to memory of 5068	2908	wapoqxk.exe	123
PID 2908 wrote to memory of 5068	2908	wapoqxk.exe	123
PID 1488 wrote to memory of 3456	1488	werhe.exe	125
PID 1488 wrote to memory of 3456	1488	werhe.exe	125
PID 1488 wrote to memory of 3456	1488	werhe.exe	125
PID 1488 wrote to memory of 1440	1488	werhe.exe	126
PID 1488 wrote to memory of 1440	1488	werhe.exe	126
PID 1488 wrote to memory of 1440	1488	werhe.exe	126
PID 3456 wrote to memory of 3356	3456	wsuqxqyd.exe	128
PID 3456 wrote to memory of 3356	3456	wsuqxqyd.exe	128
PID 3456 wrote to memory of 3356	3456	wsuqxqyd.exe	128
PID 3456 wrote to memory of 5004	3456	wsuqxqyd.exe	129

C:\Users\Admin\AppData\Local\Temp\NEAS.a561882ae24e57905a0b4ab2aa1a0118.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.a561882ae24e57905a0b4ab2aa1a0118.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Windows\SysWOW64\weccsttmy.exe
  "C:\Windows\system32\weccsttmy.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4724
- - C:\Windows\SysWOW64\wnajrk.exe
    "C:\Windows\system32\wnajrk.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Windows\SysWOW64\wmwca.exe
      "C:\Windows\system32\wmwca.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1264
    - - C:\Windows\SysWOW64\whfixyci.exe
        
        "C:\Windows\system32\whfixyci.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1352
      - C:\Windows\SysWOW64\wyrx.exe
        
        "C:\Windows\system32\wyrx.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4060
        
        C:\Windows\SysWOW64\wntilslv.exe
        
        "C:\Windows\system32\wntilslv.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4240
        
        C:\Windows\SysWOW64\wboopedd.exe
        
        "C:\Windows\system32\wboopedd.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1956
        
        C:\Windows\SysWOW64\wapoqxk.exe
        
        "C:\Windows\system32\wapoqxk.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2908
        
        C:\Windows\SysWOW64\werhe.exe
        
        "C:\Windows\system32\werhe.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1488
        
        C:\Windows\SysWOW64\wsuqxqyd.exe
        
        "C:\Windows\system32\wsuqxqyd.exe"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3456
        
        C:\Windows\SysWOW64\wuqjnt.exe
        
        "C:\Windows\system32\wuqjnt.exe"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3356
        
        C:\Windows\SysWOW64\whikim.exe
        
        "C:\Windows\system32\whikim.exe"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2620
        
        C:\Windows\SysWOW64\wsbrp.exe
        
        "C:\Windows\system32\wsbrp.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1008
        
        C:\Windows\SysWOW64\whwxv.exe
        
        "C:\Windows\system32\whwxv.exe"
        15⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3664
        
        C:\Windows\SysWOW64\wgmnpfuh.exe
        
        "C:\Windows\system32\wgmnpfuh.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2812
        
        C:\Windows\SysWOW64\wxrqdl.exe
        
        "C:\Windows\system32\wxrqdl.exe"
        17⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3776
        
        C:\Windows\SysWOW64\wued.exe
        
        "C:\Windows\system32\wued.exe"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3844
        
        C:\Windows\SysWOW64\wkcclo.exe
        
        "C:\Windows\system32\wkcclo.exe"
        19⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:856
        
        C:\Windows\SysWOW64\wjqshgkd.exe
        
        "C:\Windows\system32\wjqshgkd.exe"
        20⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2228
        
        C:\Windows\SysWOW64\wdr.exe
        
        "C:\Windows\system32\wdr.exe"
        21⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4408
        
        C:\Windows\SysWOW64\wugpjoy.exe
        
        "C:\Windows\system32\wugpjoy.exe"
        22⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5064
        
        C:\Windows\SysWOW64\wlcohuvp.exe
        
        "C:\Windows\system32\wlcohuvp.exe"
        23⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2832
        
        C:\Windows\SysWOW64\wsdirv.exe
        
        "C:\Windows\system32\wsdirv.exe"
        24⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4840
        
        C:\Windows\SysWOW64\wbqfd.exe
        
        "C:\Windows\system32\wbqfd.exe"
        25⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1428
        
        C:\Windows\SysWOW64\wrwsi.exe
        
        "C:\Windows\system32\wrwsi.exe"
        26⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4528
        
        C:\Windows\SysWOW64\wnaslxb.exe
        
        "C:\Windows\system32\wnaslxb.exe"
        27⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3356
        
        C:\Windows\SysWOW64\wfnieenx.exe
        
        "C:\Windows\system32\wfnieenx.exe"
        28⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3420
        
        C:\Windows\SysWOW64\wahvayl.exe
        
        "C:\Windows\system32\wahvayl.exe"
        29⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3316
        
        C:\Windows\SysWOW64\wwajx.exe
        
        "C:\Windows\system32\wwajx.exe"
        30⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1736
        
        C:\Windows\SysWOW64\wvak.exe
        
        "C:\Windows\system32\wvak.exe"
        31⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3544
        
        C:\Windows\SysWOW64\wuxd.exe
        
        "C:\Windows\system32\wuxd.exe"
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4860
        
        C:\Windows\SysWOW64\wofkfcgm.exe
        
        "C:\Windows\system32\wofkfcgm.exe"
        33⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1756
        
        C:\Windows\SysWOW64\wclctt.exe
        
        "C:\Windows\system32\wclctt.exe"
        34⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2936
        
        C:\Windows\SysWOW64\wxxn.exe
        
        "C:\Windows\system32\wxxn.exe"
        35⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4528
        
        C:\Windows\SysWOW64\wthuapi.exe
        
        "C:\Windows\system32\wthuapi.exe"
        36⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5004
        
        C:\Windows\SysWOW64\wwfds.exe
        
        "C:\Windows\system32\wwfds.exe"
        37⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1072
        
        C:\Windows\SysWOW64\wklugiv.exe
        
        "C:\Windows\system32\wklugiv.exe"
        38⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3224
        
        C:\Windows\SysWOW64\wqspd.exe
        
        "C:\Windows\system32\wqspd.exe"
        39⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4724
        
        C:\Windows\SysWOW64\wlqm.exe
        
        "C:\Windows\system32\wlqm.exe"
        40⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2424
        
        C:\Windows\SysWOW64\wxv.exe
        
        "C:\Windows\system32\wxv.exe"
        41⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4744
        
        C:\Windows\SysWOW64\whkcst.exe
        
        "C:\Windows\system32\whkcst.exe"
        42⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:540
        
        C:\Windows\SysWOW64\wyicsbv.exe
        
        "C:\Windows\system32\wyicsbv.exe"
        43⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1572
        
        C:\Windows\SysWOW64\woxy.exe
        
        "C:\Windows\system32\woxy.exe"
        44⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1564
        
        C:\Windows\SysWOW64\wwpfqdu.exe
        
        "C:\Windows\system32\wwpfqdu.exe"
        45⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2068
        
        C:\Windows\SysWOW64\wjdysrdp.exe
        
        "C:\Windows\system32\wjdysrdp.exe"
        46⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4444
        
        C:\Windows\SysWOW64\wahnxyg.exe
        
        "C:\Windows\system32\wahnxyg.exe"
        47⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3756
        
        C:\Windows\SysWOW64\wvquuy.exe
        
        "C:\Windows\system32\wvquuy.exe"
        48⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4616
        
        C:\Windows\SysWOW64\wdmfkwe.exe
        
        "C:\Windows\system32\wdmfkwe.exe"
        49⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1204
        
        C:\Windows\SysWOW64\weoahkr.exe
        
        "C:\Windows\system32\weoahkr.exe"
        50⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1956
        
        C:\Windows\SysWOW64\wdlsnauy.exe
        
        "C:\Windows\system32\wdlsnauy.exe"
        51⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4720
        
        C:\Windows\SysWOW64\wwowyb.exe
        
        "C:\Windows\system32\wwowyb.exe"
        52⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2312
        
        C:\Windows\SysWOW64\wmfvkl.exe
        
        "C:\Windows\system32\wmfvkl.exe"
        53⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2004
        
        C:\Windows\SysWOW64\wpesdtw.exe
        
        "C:\Windows\system32\wpesdtw.exe"
        54⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4060
        
        C:\Windows\SysWOW64\wyaf.exe
        
        "C:\Windows\system32\wyaf.exe"
        55⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3940
        
        C:\Windows\SysWOW64\wwcfumq.exe
        
        "C:\Windows\system32\wwcfumq.exe"
        56⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3888
        
        C:\Windows\SysWOW64\wrnrejgnb.exe
        
        "C:\Windows\system32\wrnrejgnb.exe"
        57⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1972
        
        C:\Windows\SysWOW64\wjlrdp.exe
        
        "C:\Windows\system32\wjlrdp.exe"
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3756
        
        C:\Windows\SysWOW64\wrofh.exe
        
        "C:\Windows\system32\wrofh.exe"
        59⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3804
        
        C:\Windows\SysWOW64\whpmbv.exe
        
        "C:\Windows\system32\whpmbv.exe"
        60⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1696
        
        C:\Windows\SysWOW64\wgbvblps.exe
        
        "C:\Windows\system32\wgbvblps.exe"
        61⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2264
        
        C:\Windows\SysWOW64\wckc.exe
        
        "C:\Windows\system32\wckc.exe"
        62⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1652
        
        C:\Windows\SysWOW64\woptmb.exe
        
        "C:\Windows\system32\woptmb.exe"
        63⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2320
        
        C:\Windows\SysWOW64\wsl.exe
        
        "C:\Windows\system32\wsl.exe"
        64⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1724
        
        C:\Windows\SysWOW64\wasfjifqw.exe
        
        "C:\Windows\system32\wasfjifqw.exe"
        65⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4844
        
        C:\Windows\SysWOW64\wevvun.exe
        
        "C:\Windows\system32\wevvun.exe"
        66⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4380
        
        C:\Windows\SysWOW64\wwpnbqq.exe
        
        "C:\Windows\system32\wwpnbqq.exe"
        67⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1896
        
        C:\Windows\SysWOW64\wuqocj.exe
        
        "C:\Windows\system32\wuqocj.exe"
        68⤵
        Drops file in System32 directory
        
        PID:860
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwpnbqq.exe"
        68⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wevvun.exe"
        67⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wasfjifqw.exe"
        66⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsl.exe"
        65⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 1712
        65⤵
        Program crash
        
        PID:1564
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woptmb.exe"
        64⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wckc.exe"
        63⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgbvblps.exe"
        62⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whpmbv.exe"
        61⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrofh.exe"
        60⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjlrdp.exe"
        59⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrnrejgnb.exe"
        58⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwcfumq.exe"
        57⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyaf.exe"
        56⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpesdtw.exe"
        55⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmfvkl.exe"
        54⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwowyb.exe"
        53⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdlsnauy.exe"
        52⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weoahkr.exe"
        51⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdmfkwe.exe"
        50⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvquuy.exe"
        49⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wahnxyg.exe"
        48⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjdysrdp.exe"
        47⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwpfqdu.exe"
        46⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woxy.exe"
        45⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyicsbv.exe"
        44⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whkcst.exe"
        43⤵
        
        PID:496
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxv.exe"
        42⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlqm.exe"
        41⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqspd.exe"
        40⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wklugiv.exe"
        39⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwfds.exe"
        38⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wthuapi.exe"
        37⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxxn.exe"
        36⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wclctt.exe"
        35⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wofkfcgm.exe"
        34⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuxd.exe"
        33⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 1432
        33⤵
        Program crash
        
        PID:3496
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvak.exe"
        32⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwajx.exe"
        31⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wahvayl.exe"
        30⤵
        
        PID:3888
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfnieenx.exe"
        29⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnaslxb.exe"
        28⤵
        
        PID:3372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrwsi.exe"
        27⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 1584
        27⤵
        Program crash
        
        PID:4864
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbqfd.exe"
        26⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsdirv.exe"
        25⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlcohuvp.exe"
        24⤵
        
        PID:860
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wugpjoy.exe"
        23⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdr.exe"
        22⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjqshgkd.exe"
        21⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkcclo.exe"
        20⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wued.exe"
        19⤵
        
        PID:4060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxrqdl.exe"
        18⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgmnpfuh.exe"
        17⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whwxv.exe"
        16⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsbrp.exe"
        15⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whikim.exe"
        14⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuqjnt.exe"
        13⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsuqxqyd.exe"
        12⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 1728
        12⤵
        Program crash
        
        PID:1436
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\werhe.exe"
        11⤵
        
        PID:1440
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wapoqxk.exe"
        10⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wboopedd.exe"
        9⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wntilslv.exe"
        8⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyrx.exe"
        7⤵
        
        PID:1756
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whfixyci.exe"
        6⤵
        
        PID:1296
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmwca.exe"
        5⤵
        
        PID:3752
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnajrk.exe"
      4⤵
      PID:2224
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weccsttmy.exe"
    3⤵
    PID:3804
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 1524
    3⤵
    - Program crash
    PID:3456
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\NEAS.a561882ae24e57905a0b4ab2aa1a0118.exe"
  2⤵
  PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4724 -ip 4724
1⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3456 -ip 3456
1⤵
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4528 -ip 4528
1⤵
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4860 -ip 4860
1⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1724 -ip 1724
1⤵
PID:3884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\wahvayl.exe

Filesize
97KB

MD5
e043acc02cc4dbe7c4dbf1bc701fd788

SHA1
036f0776404b8160a4dbf7c806b87a55aa2db079

SHA256
28f46e1e12581fd7aee2d433a61c62fafcf9e5c0c8702ac2fc6feb9ad014fbee

SHA512
a224910a9fb977f27f101c586ba090f747cc0f54804bbc52dd191e4822cb2a803fbbd6f7f3be3c49b2c846041f27d0cae7813636c48bc1cb61289e735eeb9ff0

Download Submit
C:\Windows\SysWOW64\wahvayl.exe

Filesize
97KB

MD5
e043acc02cc4dbe7c4dbf1bc701fd788

SHA1
036f0776404b8160a4dbf7c806b87a55aa2db079

SHA256
28f46e1e12581fd7aee2d433a61c62fafcf9e5c0c8702ac2fc6feb9ad014fbee

SHA512
a224910a9fb977f27f101c586ba090f747cc0f54804bbc52dd191e4822cb2a803fbbd6f7f3be3c49b2c846041f27d0cae7813636c48bc1cb61289e735eeb9ff0

Download Submit
C:\Windows\SysWOW64\wapoqxk.exe

Filesize
96KB

MD5
53a28258331c52a4e7adff1d9e158cf5

SHA1
5978c5950543773172985be0fe7702ea7e1f8460

SHA256
17827974765777cf752a342a09173c106ae46701bc08b986ffa41b081443c2af

SHA512
9a74349bf4466ab963fcddfd8d505441cd2a66918202fe79e63496a510822eb974deed65847c6c9370d9726c69c3bf707f847414efa530a5e11698b1d3b926e0

Download Submit
C:\Windows\SysWOW64\wapoqxk.exe

Filesize
96KB

MD5
53a28258331c52a4e7adff1d9e158cf5

SHA1
5978c5950543773172985be0fe7702ea7e1f8460

SHA256
17827974765777cf752a342a09173c106ae46701bc08b986ffa41b081443c2af

SHA512
9a74349bf4466ab963fcddfd8d505441cd2a66918202fe79e63496a510822eb974deed65847c6c9370d9726c69c3bf707f847414efa530a5e11698b1d3b926e0

Download Submit
C:\Windows\SysWOW64\wboopedd.exe

Filesize
96KB

MD5
14575c0eb8c3d5ddcbbb2d53c60720a9

SHA1
9e855f8b9c755c2e2fd7841359a9b4de58752058

SHA256
906b8909815e2d4278d4b353458fd25c73323539b073e8782e6f00ddfeaa12c7

SHA512
1358630cccd38852435f5199d7de4add2752dc0204f670b2f04983cd154cef61e26b21151e35121c4a4ced0230a04ad8d7232b5ddcae337ffc8b8f8f71d0cf75

Download Submit
C:\Windows\SysWOW64\wboopedd.exe

Filesize
96KB

MD5
14575c0eb8c3d5ddcbbb2d53c60720a9

SHA1
9e855f8b9c755c2e2fd7841359a9b4de58752058

SHA256
906b8909815e2d4278d4b353458fd25c73323539b073e8782e6f00ddfeaa12c7

SHA512
1358630cccd38852435f5199d7de4add2752dc0204f670b2f04983cd154cef61e26b21151e35121c4a4ced0230a04ad8d7232b5ddcae337ffc8b8f8f71d0cf75

Download Submit
C:\Windows\SysWOW64\wbqfd.exe

Filesize
96KB

MD5
4e48a0986cb63b346fa04dcb92cbeedf

SHA1
69efa2b77644e9561c9434e251e21c7937ad8eeb

SHA256
a3947e2828d0e6ea17426a1de888263a04bdf38d92cb710994876f37b154e5a8

SHA512
75113e7eccff1004dcab0210796c8a088288217cecbc50a14af5e6575fb3e97b853a7881d4e929d274c87d64a0464663cdd957fa9b7f5ee8af778af4f03c9673

Download Submit
C:\Windows\SysWOW64\wbqfd.exe

Filesize
96KB

MD5
4e48a0986cb63b346fa04dcb92cbeedf

SHA1
69efa2b77644e9561c9434e251e21c7937ad8eeb

SHA256
a3947e2828d0e6ea17426a1de888263a04bdf38d92cb710994876f37b154e5a8

SHA512
75113e7eccff1004dcab0210796c8a088288217cecbc50a14af5e6575fb3e97b853a7881d4e929d274c87d64a0464663cdd957fa9b7f5ee8af778af4f03c9673

Download Submit
C:\Windows\SysWOW64\wdr.exe

Filesize
96KB

MD5
6773661e7b58901618c70f697e4f3ced

SHA1
8a3d4e0ff98a80ebcf020f8aaac1b176b5ed464e

SHA256
e936ca154401d099e8febaea084b9eb37bb3de4cccf2ca5da73e7ea739bb7eda

SHA512
923bf6dd6d9b2627a0db30490375b552187e1eeb361365cdb262742637c5ab9ac51963f0930354bf8aa87d547f4c7e496c436758e12e8605b7b9be6dd5427f6c

Download Submit
C:\Windows\SysWOW64\wdr.exe

Filesize
96KB

MD5
6773661e7b58901618c70f697e4f3ced

SHA1
8a3d4e0ff98a80ebcf020f8aaac1b176b5ed464e

SHA256
e936ca154401d099e8febaea084b9eb37bb3de4cccf2ca5da73e7ea739bb7eda

SHA512
923bf6dd6d9b2627a0db30490375b552187e1eeb361365cdb262742637c5ab9ac51963f0930354bf8aa87d547f4c7e496c436758e12e8605b7b9be6dd5427f6c

Download Submit
C:\Windows\SysWOW64\weccsttmy.exe

Filesize
96KB

MD5
1ca241b4cc40ff452b8c2e2ce97d5ef0

SHA1
583710013ed8d805b388e3b0edbde1a64d62de37

SHA256
ef523e8d723703569223ce50f4550f26262d7359f29294707686ff1a23473225

SHA512
c7b163e571a965b6a35b698bafcef67cd10a60ce3330cec6e9bf25d50357d71fb1a2c20333b5462cd36e75067ff3339daeb2b663233ee19531d6178150b87ec8

Download Submit
C:\Windows\SysWOW64\weccsttmy.exe

Filesize
96KB

MD5
1ca241b4cc40ff452b8c2e2ce97d5ef0

SHA1
583710013ed8d805b388e3b0edbde1a64d62de37

SHA256
ef523e8d723703569223ce50f4550f26262d7359f29294707686ff1a23473225

SHA512
c7b163e571a965b6a35b698bafcef67cd10a60ce3330cec6e9bf25d50357d71fb1a2c20333b5462cd36e75067ff3339daeb2b663233ee19531d6178150b87ec8

Download Submit
C:\Windows\SysWOW64\weccsttmy.exe

Filesize
96KB

MD5
1ca241b4cc40ff452b8c2e2ce97d5ef0

SHA1
583710013ed8d805b388e3b0edbde1a64d62de37

SHA256
ef523e8d723703569223ce50f4550f26262d7359f29294707686ff1a23473225

SHA512
c7b163e571a965b6a35b698bafcef67cd10a60ce3330cec6e9bf25d50357d71fb1a2c20333b5462cd36e75067ff3339daeb2b663233ee19531d6178150b87ec8

Download Submit
C:\Windows\SysWOW64\werhe.exe

Filesize
96KB

MD5
364e192e351e94e85046adc2692cbb5b

SHA1
3fbb1f89f204a40ef948fffb6ac0814c2194c8b3

SHA256
a7f3160612cdf31c5dcd792d2056b84f71886877d1ed30e35d53a63eed627f17

SHA512
8648491d364eea8162838babea205e0f7995a8d48aa150d2c89d161d3c5b3b221540c91b623bf6015e05d9dd8f96c3f43909c8f410512e0527588ed4becfc275

Download Submit
C:\Windows\SysWOW64\werhe.exe

Filesize
96KB

MD5
364e192e351e94e85046adc2692cbb5b

SHA1
3fbb1f89f204a40ef948fffb6ac0814c2194c8b3

SHA256
a7f3160612cdf31c5dcd792d2056b84f71886877d1ed30e35d53a63eed627f17

SHA512
8648491d364eea8162838babea205e0f7995a8d48aa150d2c89d161d3c5b3b221540c91b623bf6015e05d9dd8f96c3f43909c8f410512e0527588ed4becfc275

Download Submit
C:\Windows\SysWOW64\wfnieenx.exe

Filesize
96KB

MD5
fa6eca1bd799c89f7f199ae57ea1ca1b

SHA1
a046bf32af76d585819beb6e523c69288aa97ea0

SHA256
313a3c6afb15ba4488124b1df5831c6608234a55ade05abf539ead457d039aa5

SHA512
bbc785ed579e9b54b36e1ff553ef93ee4ab74790ba590aff7becdd13a30578354049068a7cc288e9fb906cfa17a725b55414f15930ec03059192fa7b73c8c3aa

Download Submit
C:\Windows\SysWOW64\wfnieenx.exe

Filesize
96KB

MD5
fa6eca1bd799c89f7f199ae57ea1ca1b

SHA1
a046bf32af76d585819beb6e523c69288aa97ea0

SHA256
313a3c6afb15ba4488124b1df5831c6608234a55ade05abf539ead457d039aa5

SHA512
bbc785ed579e9b54b36e1ff553ef93ee4ab74790ba590aff7becdd13a30578354049068a7cc288e9fb906cfa17a725b55414f15930ec03059192fa7b73c8c3aa

Download Submit
C:\Windows\SysWOW64\wgmnpfuh.exe

Filesize
96KB

MD5
153006885f7389d6a708f754727ae881

SHA1
68b173556c404a1338a0cba2484f530a2fbf1af4

SHA256
63530ea39545e7f1ce9810ba8c2aba49760149f1c7f96658872d29be3021dac9

SHA512
e7d753c3c523e0694d99d11ffb284fccc9b19e2c33f4ee2ab5c38a83bd5be07c53175869dd2f90268c7e0a1e1fbbd07957b9c943e169da795c962a7ee0e1c7f9

Download Submit
C:\Windows\SysWOW64\wgmnpfuh.exe

Filesize
96KB

MD5
153006885f7389d6a708f754727ae881

SHA1
68b173556c404a1338a0cba2484f530a2fbf1af4

SHA256
63530ea39545e7f1ce9810ba8c2aba49760149f1c7f96658872d29be3021dac9

SHA512
e7d753c3c523e0694d99d11ffb284fccc9b19e2c33f4ee2ab5c38a83bd5be07c53175869dd2f90268c7e0a1e1fbbd07957b9c943e169da795c962a7ee0e1c7f9

Download Submit
C:\Windows\SysWOW64\whfixyci.exe

Filesize
96KB

MD5
274b5d20815dff08933c5103914bdfca

SHA1
2302b04490bfd449e8d3cf25fe4b635458de968a

SHA256
80c617017b3b5c09540da890bc9e6c671efd19f0fc5eea9cae66e6f47f8fa2b8

SHA512
0f68ffd1e2157dcf612411281661906d531d8a56d473b9bafcb00415dd95a594f200a659f8fdb8e0c9bab93db203b1ab91db9092eaefb1d0ea738adb5863b3da

Download Submit
C:\Windows\SysWOW64\whfixyci.exe

Filesize
96KB

MD5
274b5d20815dff08933c5103914bdfca

SHA1
2302b04490bfd449e8d3cf25fe4b635458de968a

SHA256
80c617017b3b5c09540da890bc9e6c671efd19f0fc5eea9cae66e6f47f8fa2b8

SHA512
0f68ffd1e2157dcf612411281661906d531d8a56d473b9bafcb00415dd95a594f200a659f8fdb8e0c9bab93db203b1ab91db9092eaefb1d0ea738adb5863b3da

Download Submit
C:\Windows\SysWOW64\whikim.exe

Filesize
96KB

MD5
46ba04ec212738f6304cdcfc9388ad1d

SHA1
a5c29ec4ee3d1831d8c12fee73e7f4008fea94de

SHA256
dacf7118bcfe0b84e848b737aa1198de2ce37ba413377f249224b8e61050715a

SHA512
3e9c7dba95c7d53b54aa1484382ef6d55682228a6be855da63559efbee6285a96e426b213fcc4073e315fd763c151316617793706163f1d220fc79d62f9fc2eb

Download Submit
C:\Windows\SysWOW64\whikim.exe

Filesize
96KB

MD5
46ba04ec212738f6304cdcfc9388ad1d

SHA1
a5c29ec4ee3d1831d8c12fee73e7f4008fea94de

SHA256
dacf7118bcfe0b84e848b737aa1198de2ce37ba413377f249224b8e61050715a

SHA512
3e9c7dba95c7d53b54aa1484382ef6d55682228a6be855da63559efbee6285a96e426b213fcc4073e315fd763c151316617793706163f1d220fc79d62f9fc2eb

Download Submit
C:\Windows\SysWOW64\whwxv.exe

Filesize
96KB

MD5
2b9ef312553bbc1d8e5f2d289a67b4b2

SHA1
721032f16101c99eceaab3227bb8dfd98dc5effd

SHA256
3c85acaa441ee6efa5c0d96e55cc055ee1e3a29e3106729e06bdd1b08a748a8e

SHA512
4ec58bffcd69be68f68f81c7eb3f9755862a04a46ba23bf103145ce4671bdb61347812088ede0765c50beda295552d1cc29a5bc8a42016ecc10ce1e22ebe2fed

Download Submit
C:\Windows\SysWOW64\whwxv.exe

Filesize
96KB

MD5
2b9ef312553bbc1d8e5f2d289a67b4b2

SHA1
721032f16101c99eceaab3227bb8dfd98dc5effd

SHA256
3c85acaa441ee6efa5c0d96e55cc055ee1e3a29e3106729e06bdd1b08a748a8e

SHA512
4ec58bffcd69be68f68f81c7eb3f9755862a04a46ba23bf103145ce4671bdb61347812088ede0765c50beda295552d1cc29a5bc8a42016ecc10ce1e22ebe2fed

Download Submit
C:\Windows\SysWOW64\wjqshgkd.exe

Filesize
96KB

MD5
8690ea2828bef93f7ae16bf2e79dbdf4

SHA1
9a8f6103fc35b173a75ef4b72341232be67ee9b6

SHA256
701489250aa92a851e46962f274464bd5435e30c05bed71410fc2c727e946367

SHA512
0426d0275bf00b1e03641aee8389aff6b402d88366eb6f394332a942f36458f4d6953fc1f5231dfe086ef82248ca6c330493785e7a6add12f1b00a589f6e56dc

Download Submit
C:\Windows\SysWOW64\wjqshgkd.exe

Filesize
96KB

MD5
8690ea2828bef93f7ae16bf2e79dbdf4

SHA1
9a8f6103fc35b173a75ef4b72341232be67ee9b6

SHA256
701489250aa92a851e46962f274464bd5435e30c05bed71410fc2c727e946367

SHA512
0426d0275bf00b1e03641aee8389aff6b402d88366eb6f394332a942f36458f4d6953fc1f5231dfe086ef82248ca6c330493785e7a6add12f1b00a589f6e56dc

Download Submit
C:\Windows\SysWOW64\wkcclo.exe

Filesize
96KB

MD5
3ca4d742360cbbf1fddc92764e392553

SHA1
50df7ab21d200f68ff79e3bb9f0ec5a1095d8aaf

SHA256
c0622019d38a977769ec1a5d24635af3a993144a41cc7aa6e6536853158f7f1a

SHA512
3c5f318ca43ebeefc1be73c3f256b29e715b713c34c67cd43ac406a2851cd891e1f468ba895739a2e8c15d05b4ef6428e2020645b9fdc196d996cb2d2a879630

Download Submit
C:\Windows\SysWOW64\wkcclo.exe

Filesize
96KB

MD5
3ca4d742360cbbf1fddc92764e392553

SHA1
50df7ab21d200f68ff79e3bb9f0ec5a1095d8aaf

SHA256
c0622019d38a977769ec1a5d24635af3a993144a41cc7aa6e6536853158f7f1a

SHA512
3c5f318ca43ebeefc1be73c3f256b29e715b713c34c67cd43ac406a2851cd891e1f468ba895739a2e8c15d05b4ef6428e2020645b9fdc196d996cb2d2a879630

Download Submit
C:\Windows\SysWOW64\wlcohuvp.exe

Filesize
96KB

MD5
75116658572a8ed9ff3e67aa831fe397

SHA1
ea6ec220b2f6389a2291491e773121ca23bcb9b7

SHA256
13522c15a95e3c456904f525ff55a1ff62dbd054c5f71c7597e4265e30998318

SHA512
5f0d1db0a357c424148df26bd2dd710247dc432b8c94e05044f8fa0d45101858596ab3c416942a6ae796dcc1cad70332ef4f7854a4952a161eb40246e8deefcf

Download Submit
C:\Windows\SysWOW64\wlcohuvp.exe

Filesize
96KB

MD5
75116658572a8ed9ff3e67aa831fe397

SHA1
ea6ec220b2f6389a2291491e773121ca23bcb9b7

SHA256
13522c15a95e3c456904f525ff55a1ff62dbd054c5f71c7597e4265e30998318

SHA512
5f0d1db0a357c424148df26bd2dd710247dc432b8c94e05044f8fa0d45101858596ab3c416942a6ae796dcc1cad70332ef4f7854a4952a161eb40246e8deefcf

Download Submit
C:\Windows\SysWOW64\wmwca.exe

Filesize
96KB

MD5
ff9f2de53e127d15353618b96b2c996f

SHA1
ae33c472c6898980398e61295f456da183f707c1

SHA256
308505eb1de2a991ec317e1838b297ba68bef6b38271c1ea3e4916f72472b5c2

SHA512
b16daebf57bec0019aa379d880dd739495993df861bdb7c12d53688f0d5e2cbcb11c92993faef69af4d716d76fc5b780ef4aee7d8ae1b7541b604a830de245ba

Download Submit
C:\Windows\SysWOW64\wmwca.exe

Filesize
96KB

MD5
ff9f2de53e127d15353618b96b2c996f

SHA1
ae33c472c6898980398e61295f456da183f707c1

SHA256
308505eb1de2a991ec317e1838b297ba68bef6b38271c1ea3e4916f72472b5c2

SHA512
b16daebf57bec0019aa379d880dd739495993df861bdb7c12d53688f0d5e2cbcb11c92993faef69af4d716d76fc5b780ef4aee7d8ae1b7541b604a830de245ba

Download Submit
C:\Windows\SysWOW64\wnajrk.exe

Filesize
96KB

MD5
1bb4f58fb8bf098c56c8b34896c1c757

SHA1
f836da3dbd07e886eae0a184dfb0eb7b222749c2

SHA256
2ddb9b3adea590b242e9861fbda89a13836cc82f836e4494f82a8e3b76300a51

SHA512
2b564df9cb039f6090409a0b7fc0e8f25512910f7f9d0daf1a6ae2091d19320655862487ee104195f04e8573a51fa48b2812db60a279abd749e841321528a9d7

Download Submit
C:\Windows\SysWOW64\wnajrk.exe

Filesize
96KB

MD5
1bb4f58fb8bf098c56c8b34896c1c757

SHA1
f836da3dbd07e886eae0a184dfb0eb7b222749c2

SHA256
2ddb9b3adea590b242e9861fbda89a13836cc82f836e4494f82a8e3b76300a51

SHA512
2b564df9cb039f6090409a0b7fc0e8f25512910f7f9d0daf1a6ae2091d19320655862487ee104195f04e8573a51fa48b2812db60a279abd749e841321528a9d7

Download Submit
C:\Windows\SysWOW64\wnaslxb.exe

Filesize
96KB

MD5
26c84f3f7752d65988b0c2ec5e84f1be

SHA1
f32b655ba0b57e745267cdfc8a1ddfe9682ae95c

SHA256
7eae886f871b553bf5d3c179d3e7bda1c4d7c7976af595fd50571c8dc9cd25b2

SHA512
5cb8621fbc80b8370f652a88ab034facfc6f579ef4afe422c8a44c8f19c4af63f6b2ad7f02a1291674a629fe578675beb22d21442ca38d09fa61add0449a0996

Download Submit
C:\Windows\SysWOW64\wnaslxb.exe

Filesize
96KB

MD5
26c84f3f7752d65988b0c2ec5e84f1be

SHA1
f32b655ba0b57e745267cdfc8a1ddfe9682ae95c

SHA256
7eae886f871b553bf5d3c179d3e7bda1c4d7c7976af595fd50571c8dc9cd25b2

SHA512
5cb8621fbc80b8370f652a88ab034facfc6f579ef4afe422c8a44c8f19c4af63f6b2ad7f02a1291674a629fe578675beb22d21442ca38d09fa61add0449a0996

Download Submit
C:\Windows\SysWOW64\wntilslv.exe

Filesize
96KB

MD5
c142e0512953d765b0dcfe2f1483e8dd

SHA1
708a485304e9d37fd1411c90e2412dfdacfe929d

SHA256
51eebb89909d51ec59c54596f01a0c0a242aecd4d26cf1b191d020572f5133b4

SHA512
42d1080ee3990a203f8d638fe27246b780c71f72ae13483ca6ec7997ad0017bd0c04c7ee080fd137114d79521eb17c2ed326ad9485b1aa459af26f5ab00f2ce2

Download Submit
C:\Windows\SysWOW64\wntilslv.exe

Filesize
96KB

MD5
c142e0512953d765b0dcfe2f1483e8dd

SHA1
708a485304e9d37fd1411c90e2412dfdacfe929d

SHA256
51eebb89909d51ec59c54596f01a0c0a242aecd4d26cf1b191d020572f5133b4

SHA512
42d1080ee3990a203f8d638fe27246b780c71f72ae13483ca6ec7997ad0017bd0c04c7ee080fd137114d79521eb17c2ed326ad9485b1aa459af26f5ab00f2ce2

Download Submit
C:\Windows\SysWOW64\wofkfcgm.exe

Filesize
97KB

MD5
30ef0eda3329fd0880548e83331af9f9

SHA1
ff9537d0e98a51c67425f34dd5eab14f79038db6

SHA256
d7a10bd60dfc5b0521c824f641f1cdee000bff8c6f7c4de23c449367fcedda4e

SHA512
fa2fca722d510105f5865ed681153190fc09bd4839b0587e35dc07df9091550119ae94c1afc903e2b33818bbf396b0962a611dd0be41f3b4549c0d5a14a777dc

Download Submit
C:\Windows\SysWOW64\wofkfcgm.exe

Filesize
97KB

MD5
30ef0eda3329fd0880548e83331af9f9

SHA1
ff9537d0e98a51c67425f34dd5eab14f79038db6

SHA256
d7a10bd60dfc5b0521c824f641f1cdee000bff8c6f7c4de23c449367fcedda4e

SHA512
fa2fca722d510105f5865ed681153190fc09bd4839b0587e35dc07df9091550119ae94c1afc903e2b33818bbf396b0962a611dd0be41f3b4549c0d5a14a777dc

Download Submit
C:\Windows\SysWOW64\wrwsi.exe

Filesize
96KB

MD5
73d862e6acdca98da1352b6c0dfecf12

SHA1
5638c087fc3d1946f59e055a99314efb7aefcac9

SHA256
95cf597593ae7824db3d790f796b4f44d3a8d0d137ca408cf268946de5137b69

SHA512
dba28245a09e21dcc9d4b86d1108eb6e78a99e3130a50b1400868a2396b8535f29c7a5d91ca99ff63ad8867d215131452148e3bc52e533de17011e0187bd2028

Download Submit
C:\Windows\SysWOW64\wrwsi.exe

Filesize
96KB

MD5
73d862e6acdca98da1352b6c0dfecf12

SHA1
5638c087fc3d1946f59e055a99314efb7aefcac9

SHA256
95cf597593ae7824db3d790f796b4f44d3a8d0d137ca408cf268946de5137b69

SHA512
dba28245a09e21dcc9d4b86d1108eb6e78a99e3130a50b1400868a2396b8535f29c7a5d91ca99ff63ad8867d215131452148e3bc52e533de17011e0187bd2028

Download Submit
C:\Windows\SysWOW64\wsbrp.exe

Filesize
96KB

MD5
605ba0d4105d4c207e00c61cf8f2df86

SHA1
09d9653941a3f31fc4d3a875123ffe434d1865eb

SHA256
f4e4eec455c90cbca4939452f1ee0d13f0f9a350ad9973651848d4ea1d256337

SHA512
8a442b6765a12f2afe0139bcb5504f6198bd612f00d8f3130936d24b43e46719b00a5b67988e725c5c69c7de66151fb06d582bca89baf66877c31558a53e79e9

Download Submit
C:\Windows\SysWOW64\wsbrp.exe

Filesize
96KB

MD5
605ba0d4105d4c207e00c61cf8f2df86

SHA1
09d9653941a3f31fc4d3a875123ffe434d1865eb

SHA256
f4e4eec455c90cbca4939452f1ee0d13f0f9a350ad9973651848d4ea1d256337

SHA512
8a442b6765a12f2afe0139bcb5504f6198bd612f00d8f3130936d24b43e46719b00a5b67988e725c5c69c7de66151fb06d582bca89baf66877c31558a53e79e9

Download Submit
C:\Windows\SysWOW64\wsdirv.exe

Filesize
96KB

MD5
e86455c5b800fd65799b45ac8ae7173b

SHA1
77cdd5d782b47a03a229a226fc78ef1d491c1eae

SHA256
228251313225d887cfb554057efa90b6b6583d8faffcd427424542db27a3a505

SHA512
33fd242ae62f3309d3f3cc18849d78e95a0500a368880ee3a93149c38cc7f9693dbdcc4c5b4bf1e39358785ae45ae0ee940d65e58f98b38fbbde5d4673745422

Download Submit
C:\Windows\SysWOW64\wsdirv.exe

Filesize
96KB

MD5
e86455c5b800fd65799b45ac8ae7173b

SHA1
77cdd5d782b47a03a229a226fc78ef1d491c1eae

SHA256
228251313225d887cfb554057efa90b6b6583d8faffcd427424542db27a3a505

SHA512
33fd242ae62f3309d3f3cc18849d78e95a0500a368880ee3a93149c38cc7f9693dbdcc4c5b4bf1e39358785ae45ae0ee940d65e58f98b38fbbde5d4673745422

Download Submit
C:\Windows\SysWOW64\wsuqxqyd.exe

Filesize
96KB

MD5
7129fdadb7a12523b7739a45a70772eb

SHA1
5ddb4e46974aa15645f2b0c330ed87c3725b5435

SHA256
f796fa0468b184a4ea6618faad2e93e77e592e7af71a19c49d3ef38b4784f571

SHA512
a16d68088130c3cec5cd60ed405a6ea354aaf81cac638ccd70261b32848aecf4da2c13519189025614a8ec499e09046c242852a9a0d150bcbf1f709b955e26b6

Download Submit
C:\Windows\SysWOW64\wsuqxqyd.exe

Filesize
96KB

MD5
7129fdadb7a12523b7739a45a70772eb

SHA1
5ddb4e46974aa15645f2b0c330ed87c3725b5435

SHA256
f796fa0468b184a4ea6618faad2e93e77e592e7af71a19c49d3ef38b4784f571

SHA512
a16d68088130c3cec5cd60ed405a6ea354aaf81cac638ccd70261b32848aecf4da2c13519189025614a8ec499e09046c242852a9a0d150bcbf1f709b955e26b6

Download Submit
C:\Windows\SysWOW64\wued.exe

Filesize
96KB

MD5
10adb3357e4db0637a7be0a570964531

SHA1
3d4b9fcb23f4fb2207bc61bab7394bc8f2e39fbe

SHA256
7cbd96748fedca736d84c254f1335512550b127a8c995697f9e44dad3b627950

SHA512
1f6757c178134f9744efe483045f1cec0f259ce62347ed699d3cf7a69240bcafc7ce0b769315f73ca616b8511d88079b59aab4b4d0f034fa544777926179e0e7

Download Submit
C:\Windows\SysWOW64\wued.exe

Filesize
96KB

MD5
10adb3357e4db0637a7be0a570964531

SHA1
3d4b9fcb23f4fb2207bc61bab7394bc8f2e39fbe

SHA256
7cbd96748fedca736d84c254f1335512550b127a8c995697f9e44dad3b627950

SHA512
1f6757c178134f9744efe483045f1cec0f259ce62347ed699d3cf7a69240bcafc7ce0b769315f73ca616b8511d88079b59aab4b4d0f034fa544777926179e0e7

Download Submit
C:\Windows\SysWOW64\wugpjoy.exe

Filesize
96KB

MD5
c34239a0161f6678923007bf2fb790e2

SHA1
11a6394a0668dc598a5153d90057d7b2d40d4cd0

SHA256
668e036d573ac4a33293d2a0125feec0a0edca80c73ea500aec09041383370db

SHA512
be8f2e7d6a1f6b3ed70f21c30e34ad09b37ccd21bbea9f70daed13fe617a9559be1f596cc3d905ed22b4742451e3beee1714e3df932c22efc6f9d7c42dd1a836

Download Submit
C:\Windows\SysWOW64\wugpjoy.exe

Filesize
96KB

MD5
c34239a0161f6678923007bf2fb790e2

SHA1
11a6394a0668dc598a5153d90057d7b2d40d4cd0

SHA256
668e036d573ac4a33293d2a0125feec0a0edca80c73ea500aec09041383370db

SHA512
be8f2e7d6a1f6b3ed70f21c30e34ad09b37ccd21bbea9f70daed13fe617a9559be1f596cc3d905ed22b4742451e3beee1714e3df932c22efc6f9d7c42dd1a836

Download Submit
C:\Windows\SysWOW64\wuqjnt.exe

Filesize
96KB

MD5
6594291efb350e8b017c9bbaf9c8e9f1

SHA1
515e8b78e04ae07d519151df3b2bf98d8482e18f

SHA256
af395608867f44e2ece53ddb6e154f34119e0d29402ae010423cbee5789d27d0

SHA512
42aa65ecf2d941fc6a32d3517aeec3adfe679d23e76efcdf07ab00e83314e7a1f25c93cd9a9c0dbc41e4db3ce8fb1acb77db577e6f89335da7736cb46ba1a5d5

Download Submit
C:\Windows\SysWOW64\wuqjnt.exe

Filesize
96KB

MD5
6594291efb350e8b017c9bbaf9c8e9f1

SHA1
515e8b78e04ae07d519151df3b2bf98d8482e18f

SHA256
af395608867f44e2ece53ddb6e154f34119e0d29402ae010423cbee5789d27d0

SHA512
42aa65ecf2d941fc6a32d3517aeec3adfe679d23e76efcdf07ab00e83314e7a1f25c93cd9a9c0dbc41e4db3ce8fb1acb77db577e6f89335da7736cb46ba1a5d5

Download Submit
C:\Windows\SysWOW64\wuxd.exe

Filesize
97KB

MD5
d20401a3ab7c3910d6f9e050135e9c8b

SHA1
1ba873829f48fda41761ede6ddddc10e7a1f9102

SHA256
280e38a687d5240c9ba4b2fb0962ceeb8d5bb17938cd52d37263b6919a1490ef

SHA512
7d83ffa888a079efa147b1d23255c68e9b0e51bb24e3665e6789794786dfcc6d5ea442f1e48a7bbd0221241cc9c1a7b2ed39693b881280dddc75e9e22cecbdf4

Download Submit
C:\Windows\SysWOW64\wuxd.exe

Filesize
97KB

MD5
d20401a3ab7c3910d6f9e050135e9c8b

SHA1
1ba873829f48fda41761ede6ddddc10e7a1f9102

SHA256
280e38a687d5240c9ba4b2fb0962ceeb8d5bb17938cd52d37263b6919a1490ef

SHA512
7d83ffa888a079efa147b1d23255c68e9b0e51bb24e3665e6789794786dfcc6d5ea442f1e48a7bbd0221241cc9c1a7b2ed39693b881280dddc75e9e22cecbdf4

Download Submit
C:\Windows\SysWOW64\wvak.exe

Filesize
97KB

MD5
ad80db0bf13c97cf30b905b87daf7f3f

SHA1
11dea9cdc549a3295021fad022e6fef5c5c2dcc9

SHA256
3d8195ed2457b5fd5a49ec1bd8ec8d7bd688fba48d68738a47b9112a21dec774

SHA512
beabe34f1491aed3b98d069ad3001a841685eb52d5e305827e78558208d6c43ced5ad09f9e86b7a69d3ecc7170b6dea1bdf9014943c97f3145484847971c6ac9

Download Submit
C:\Windows\SysWOW64\wvak.exe

Filesize
97KB

MD5
ad80db0bf13c97cf30b905b87daf7f3f

SHA1
11dea9cdc549a3295021fad022e6fef5c5c2dcc9

SHA256
3d8195ed2457b5fd5a49ec1bd8ec8d7bd688fba48d68738a47b9112a21dec774

SHA512
beabe34f1491aed3b98d069ad3001a841685eb52d5e305827e78558208d6c43ced5ad09f9e86b7a69d3ecc7170b6dea1bdf9014943c97f3145484847971c6ac9

Download Submit
C:\Windows\SysWOW64\wwajx.exe

Filesize
97KB

MD5
33bdcc59e7869ed5a09c2bca5784d501

SHA1
8dfe737589ee38a44fbf7c5f1609c76ce03acfaa

SHA256
80e6fd74e4c19bbc9b344b8b09b08165cc03d38b34f201a4581509aec8eb4c48

SHA512
d8b837402236e6825b94fd54223c146049b02692cb5e345da0643ab19d30cc4379a969d41ec810ae01125ec306fc2b13e41221196a7ab495da7c0cef46b4cf30

Download Submit
C:\Windows\SysWOW64\wwajx.exe

Filesize
97KB

MD5
33bdcc59e7869ed5a09c2bca5784d501

SHA1
8dfe737589ee38a44fbf7c5f1609c76ce03acfaa

SHA256
80e6fd74e4c19bbc9b344b8b09b08165cc03d38b34f201a4581509aec8eb4c48

SHA512
d8b837402236e6825b94fd54223c146049b02692cb5e345da0643ab19d30cc4379a969d41ec810ae01125ec306fc2b13e41221196a7ab495da7c0cef46b4cf30

Download Submit
C:\Windows\SysWOW64\wxrqdl.exe

Filesize
96KB

MD5
a483d8538216b6cc0d0fdd48533c7f91

SHA1
1f44de8acfc71d7807dea416db5b6d8a15896e28

SHA256
afc2213b8c98fcc3bd65aa6f8802da2dc192f4b308dd3a67eae8627f256c5e4c

SHA512
a900860b13dbd5c3f216d484c194a63089f83656e465f75203a6dc63f79ed0f6a8248c2b264c64fe8ceb05fc2bcd26ffb5544d65176dee91723e4e56bbb1d2e7

Download Submit
C:\Windows\SysWOW64\wxrqdl.exe

Filesize
96KB

MD5
a483d8538216b6cc0d0fdd48533c7f91

SHA1
1f44de8acfc71d7807dea416db5b6d8a15896e28

SHA256
afc2213b8c98fcc3bd65aa6f8802da2dc192f4b308dd3a67eae8627f256c5e4c

SHA512
a900860b13dbd5c3f216d484c194a63089f83656e465f75203a6dc63f79ed0f6a8248c2b264c64fe8ceb05fc2bcd26ffb5544d65176dee91723e4e56bbb1d2e7

Download Submit
C:\Windows\SysWOW64\wyrx.exe

Filesize
96KB

MD5
fb80959c6b46bc5b3ae7f2f50e438170

SHA1
354096d4b6925fc555bfc59caa3c19570a413ba1

SHA256
864abfd07e98f59d1e77ca6563ca70da644944837ff04be754c28d41104a3994

SHA512
9ad7e72a8877f512f3b8e5cd2a59f362d13de2dac1c8f3f1557e32b85183ff28856a8e65be8a7232fe23158bb85f9b83ab47a2dc64466989c2feecfd6658f8b1

Download Submit
C:\Windows\SysWOW64\wyrx.exe

Filesize
96KB

MD5
fb80959c6b46bc5b3ae7f2f50e438170

SHA1
354096d4b6925fc555bfc59caa3c19570a413ba1

SHA256
864abfd07e98f59d1e77ca6563ca70da644944837ff04be754c28d41104a3994

SHA512
9ad7e72a8877f512f3b8e5cd2a59f362d13de2dac1c8f3f1557e32b85183ff28856a8e65be8a7232fe23158bb85f9b83ab47a2dc64466989c2feecfd6658f8b1

Download Submit
memory/540-404-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/856-194-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1008-143-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1072-364-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1204-460-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1264-40-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1352-50-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1428-254-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1488-101-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1564-420-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1572-412-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1696-548-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1736-304-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1756-332-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1956-81-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1956-70-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1956-468-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1972-524-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2004-492-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2068-428-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2228-204-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2228-193-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2264-556-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2312-484-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2424-388-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2476-30-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2620-133-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2812-163-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2832-234-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2908-91-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2936-340-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3224-372-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3316-294-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3356-274-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3356-123-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3420-284-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3456-113-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3544-314-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3664-153-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3756-444-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3756-532-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3776-173-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3804-540-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3844-183-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3888-516-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3940-508-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4060-60-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4060-500-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4240-71-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4408-214-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4444-436-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4452-10-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4452-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4528-348-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4528-264-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4616-452-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4720-476-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4724-380-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4724-22-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4744-396-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4840-244-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4860-324-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5004-356-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5064-224-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download