60541cf24ece582c3cf0e5955ca62d7082f5b2512ec326a9fff40ebca51ff970

Analysis

max time kernel
159s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2023 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.63fa7b758dc071970fd813b1bb70b740.exe
Size

95KB
MD5

63fa7b758dc071970fd813b1bb70b740
SHA1

7d6b8b403ddabb6a128b5b1e223c65ab4e5fd869
SHA256

60541cf24ece582c3cf0e5955ca62d7082f5b2512ec326a9fff40ebca51ff970
SHA512

a54835ce8ff27e105d5f3c3f1be4566c21e83dd3292c534b34a4d8ab754ec830b25b7deb97f174682ac9b7a2799aee56fc7795d94e69692ec5d86f0f2e814f05
SSDEEP

1536:2zfXIsxrhzk2nfsW3ou3yWW2dvcW6eHcBwUi6vWE0Dl27b58XBdqaMw:yfjxrhzk2nfsWhP7dvavi6vWEbh8XX

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 61 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wtoo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wuvrpxgii.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	woeqf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wufku.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wtgla.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wyl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wpxm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	whsdw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wmybuep.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wtyi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wdtj.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wpof.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wsmgksp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wje.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wmbky.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wark.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wsuvfm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wdgs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	whftud.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wulyest.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wdefdxtuv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wwdiywp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wjdna.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wuja.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wsoq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	whvdfpt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wjcm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wgsgb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	NEAS.63fa7b758dc071970fd813b1bb70b740.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wqeejnv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wxkqaw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wmgf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wodwtdp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wmhkvuul.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wjpqxihi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wmxckhsx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	woaocst.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wgyujqk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wsddffnv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wevok.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wapbouti.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wpkoxo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wfaymiw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wcmlvfnu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wyuaay.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wjdwy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wftbmdx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wjnuwkt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wbhdjpxs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wnbvfufwp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wyyuume.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wdcl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	whowku.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wyfhgh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wodgpdm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wquaxbv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	whps.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wmynwyg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wnucug.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wjmpnx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation	wuchbl.exe

Executes dropped EXE 61 IoCs

pid	Process
4540	wjdwy.exe
4336	wsuvfm.exe
3864	wftbmdx.exe
560	wgyujqk.exe
4164	woeqf.exe
1436	wjnuwkt.exe
3364	wapbouti.exe
3340	wulyest.exe
3444	wmynwyg.exe
5072	wufku.exe
4240	whsdw.exe
1864	wsddffnv.exe
1856	wmybuep.exe
1156	wtgla.exe
3996	wodgpdm.exe
5108	wqeejnv.exe
1960	wtyi.exe
4636	wdefdxtuv.exe
1852	wxkqaw.exe
1424	wtoo.exe
4504	wbhdjpxs.exe
4704	wjdna.exe
1272	wdgs.exe
2372	whvdfpt.exe
2348	wpkoxo.exe
400	wsmgksp.exe
848	wfaymiw.exe
3952	wcmlvfnu.exe
4636	wje.exe
2852	wnucug.exe
4968	wmhkvuul.exe
3336	wquaxbv.exe
1144	wuja.exe
1420	whps.exe
3856	wjpqxihi.exe
228	wwdiywp.exe
4520	wmbky.exe
2872	whftud.exe
1384	whowku.exe
2808	wjcm.exe
4636	wmxckhsx.exe
1892	wnbvfufwp.exe
3396	wevok.exe
3336	wark.exe
4980	wmgf.exe
3912	wyl.exe
1696	wpxm.exe
4712	wyfhgh.exe
4316	wdtj.exe
4284	wgsgb.exe
1692	wjmpnx.exe
456	wodwtdp.exe
1828	woaocst.exe
1892	wsoq.exe
4496	wyuaay.exe
3336	wyyuume.exe
3788	wdcl.exe
3632	wpof.exe
4988	wuchbl.exe
2212	wuvrpxgii.exe
5020	wvhnxj.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\wulyest.exe	wapbouti.exe
File opened for modification	C:\Windows\SysWOW64\whowku.exe	whftud.exe
File created	C:\Windows\SysWOW64\wjdwy.exe	NEAS.63fa7b758dc071970fd813b1bb70b740.exe
File opened for modification	C:\Windows\SysWOW64\wsuvfm.exe	wjdwy.exe
File created	C:\Windows\SysWOW64\wmynwyg.exe	wulyest.exe
File opened for modification	C:\Windows\SysWOW64\wjcm.exe	whowku.exe
File opened for modification	C:\Windows\SysWOW64\wevok.exe	wnbvfufwp.exe
File opened for modification	C:\Windows\SysWOW64\wtgla.exe	wmybuep.exe
File opened for modification	C:\Windows\SysWOW64\whps.exe	wuja.exe
File created	C:\Windows\SysWOW64\whftud.exe	wmbky.exe
File created	C:\Windows\SysWOW64\wuchbl.exe	wpof.exe
File opened for modification	C:\Windows\SysWOW64\wpof.exe	wdcl.exe
File opened for modification	C:\Windows\SysWOW64\whsdw.exe	wufku.exe
File opened for modification	C:\Windows\SysWOW64\wdgs.exe	wjdna.exe
File created	C:\Windows\SysWOW64\wmxckhsx.exe	wjcm.exe
File opened for modification	C:\Windows\SysWOW64\wmgf.exe	wark.exe
File opened for modification	C:\Windows\SysWOW64\wyfhgh.exe	wpxm.exe
File opened for modification	C:\Windows\SysWOW64\wodgpdm.exe	wtgla.exe
File created	C:\Windows\SysWOW64\wjdna.exe	wbhdjpxs.exe
File created	C:\Windows\SysWOW64\wfaymiw.exe	wsmgksp.exe
File created	C:\Windows\SysWOW64\wquaxbv.exe	wmhkvuul.exe
File created	C:\Windows\SysWOW64\wraduean.exe	wvhnxj.exe
File created	C:\Windows\SysWOW64\wftbmdx.exe	wsuvfm.exe
File created	C:\Windows\SysWOW64\wsddffnv.exe	whsdw.exe
File opened for modification	C:\Windows\SysWOW64\wcmlvfnu.exe	wfaymiw.exe
File created	C:\Windows\SysWOW64\wmbky.exe	wwdiywp.exe
File created	C:\Windows\SysWOW64\wgsgb.exe	wdtj.exe
File created	C:\Windows\SysWOW64\wyyuume.exe	wyuaay.exe
File opened for modification	C:\Windows\SysWOW64\wdcl.exe	wyyuume.exe
File created	C:\Windows\SysWOW64\wark.exe	wevok.exe
File opened for modification	C:\Windows\SysWOW64\wgyujqk.exe	wftbmdx.exe
File created	C:\Windows\SysWOW64\wulyest.exe	wapbouti.exe
File opened for modification	C:\Windows\SysWOW64\wuja.exe	wquaxbv.exe
File opened for modification	C:\Windows\SysWOW64\wyuaay.exe	wsoq.exe
File opened for modification	C:\Windows\SysWOW64\wsoq.exe	woaocst.exe
File created	C:\Windows\SysWOW64\wgyujqk.exe	wftbmdx.exe
File created	C:\Windows\SysWOW64\wmybuep.exe	wsddffnv.exe
File opened for modification	C:\Windows\SysWOW64\wpkoxo.exe	whvdfpt.exe
File opened for modification	C:\Windows\SysWOW64\wwdiywp.exe	wjpqxihi.exe
File created	C:\Windows\SysWOW64\wyl.exe	wmgf.exe
File opened for modification	C:\Windows\SysWOW64\woeqf.exe	wgyujqk.exe
File created	C:\Windows\SysWOW64\wufku.exe	wmynwyg.exe
File created	C:\Windows\SysWOW64\whps.exe	wuja.exe
File opened for modification	C:\Windows\SysWOW64\wark.exe	wevok.exe
File opened for modification	C:\Windows\SysWOW64\wjmpnx.exe	wgsgb.exe
File created	C:\Windows\SysWOW64\wodwtdp.exe	wjmpnx.exe
File created	C:\Windows\SysWOW64\whsdw.exe	wufku.exe
File created	C:\Windows\SysWOW64\wtgla.exe	wmybuep.exe
File opened for modification	C:\Windows\SysWOW64\wtyi.exe	wqeejnv.exe
File created	C:\Windows\SysWOW64\wtoo.exe	wxkqaw.exe
File created	C:\Windows\SysWOW64\wevok.exe	wnbvfufwp.exe
File created	C:\Windows\SysWOW64\wtyi.exe	wqeejnv.exe
File created	C:\Windows\SysWOW64\wxkqaw.exe	wdefdxtuv.exe
File created	C:\Windows\SysWOW64\wsoq.exe	woaocst.exe
File opened for modification	C:\Windows\SysWOW64\wuchbl.exe	wpof.exe
File opened for modification	C:\Windows\SysWOW64\wufku.exe	wmynwyg.exe
File opened for modification	C:\Windows\SysWOW64\wquaxbv.exe	wmhkvuul.exe
File created	C:\Windows\SysWOW64\wmgf.exe	wark.exe
File created	C:\Windows\SysWOW64\wvhnxj.exe	wuvrpxgii.exe
File created	C:\Windows\SysWOW64\wodgpdm.exe	wtgla.exe
File opened for modification	C:\Windows\SysWOW64\wjdna.exe	wbhdjpxs.exe
File created	C:\Windows\SysWOW64\wje.exe	wcmlvfnu.exe
File created	C:\Windows\SysWOW64\wpxm.exe	wyl.exe
File created	C:\Windows\SysWOW64\wuvrpxgii.exe	wuchbl.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 9 IoCs

pid	pid_target	Process	procid_target
2724	4540	WerFault.exe	91
2176	4540	WerFault.exe	91
2600	560	WerFault.exe	105
1820	560	WerFault.exe	105
1792	4636	WerFault.exe	158
4448	4636	WerFault.exe	158
4264	1144	WerFault.exe	208
1724	1692	WerFault.exe	264
3192	4496	WerFault.exe	278

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 4540	2044	NEAS.63fa7b758dc071970fd813b1bb70b740.exe	91
PID 2044 wrote to memory of 4540	2044	NEAS.63fa7b758dc071970fd813b1bb70b740.exe	91
PID 2044 wrote to memory of 4540	2044	NEAS.63fa7b758dc071970fd813b1bb70b740.exe	91
PID 2044 wrote to memory of 456	2044	NEAS.63fa7b758dc071970fd813b1bb70b740.exe	93
PID 2044 wrote to memory of 456	2044	NEAS.63fa7b758dc071970fd813b1bb70b740.exe	93
PID 2044 wrote to memory of 456	2044	NEAS.63fa7b758dc071970fd813b1bb70b740.exe	93
PID 4540 wrote to memory of 4336	4540	wjdwy.exe	95
PID 4540 wrote to memory of 4336	4540	wjdwy.exe	95
PID 4540 wrote to memory of 4336	4540	wjdwy.exe	95
PID 4540 wrote to memory of 3632	4540	wjdwy.exe	96
PID 4540 wrote to memory of 3632	4540	wjdwy.exe	96
PID 4540 wrote to memory of 3632	4540	wjdwy.exe	96
PID 4336 wrote to memory of 3864	4336	wsuvfm.exe	102
PID 4336 wrote to memory of 3864	4336	wsuvfm.exe	102
PID 4336 wrote to memory of 3864	4336	wsuvfm.exe	102
PID 4336 wrote to memory of 2280	4336	wsuvfm.exe	103
PID 4336 wrote to memory of 2280	4336	wsuvfm.exe	103
PID 4336 wrote to memory of 2280	4336	wsuvfm.exe	103
PID 3864 wrote to memory of 560	3864	wftbmdx.exe	105
PID 3864 wrote to memory of 560	3864	wftbmdx.exe	105
PID 3864 wrote to memory of 560	3864	wftbmdx.exe	105
PID 3864 wrote to memory of 1660	3864	wftbmdx.exe	106
PID 3864 wrote to memory of 1660	3864	wftbmdx.exe	106
PID 3864 wrote to memory of 1660	3864	wftbmdx.exe	106
PID 560 wrote to memory of 4164	560	wgyujqk.exe	108
PID 560 wrote to memory of 4164	560	wgyujqk.exe	108
PID 560 wrote to memory of 4164	560	wgyujqk.exe	108
PID 560 wrote to memory of 4656	560	wgyujqk.exe	109
PID 560 wrote to memory of 4656	560	wgyujqk.exe	109
PID 560 wrote to memory of 4656	560	wgyujqk.exe	109
PID 4164 wrote to memory of 1436	4164	woeqf.exe	115
PID 4164 wrote to memory of 1436	4164	woeqf.exe	115
PID 4164 wrote to memory of 1436	4164	woeqf.exe	115
PID 4164 wrote to memory of 2028	4164	woeqf.exe	116
PID 4164 wrote to memory of 2028	4164	woeqf.exe	116
PID 4164 wrote to memory of 2028	4164	woeqf.exe	116
PID 1436 wrote to memory of 3364	1436	wjnuwkt.exe	118
PID 1436 wrote to memory of 3364	1436	wjnuwkt.exe	118
PID 1436 wrote to memory of 3364	1436	wjnuwkt.exe	118
PID 1436 wrote to memory of 4308	1436	wjnuwkt.exe	119
PID 1436 wrote to memory of 4308	1436	wjnuwkt.exe	119
PID 1436 wrote to memory of 4308	1436	wjnuwkt.exe	119
PID 3364 wrote to memory of 3340	3364	wapbouti.exe	121
PID 3364 wrote to memory of 3340	3364	wapbouti.exe	121
PID 3364 wrote to memory of 3340	3364	wapbouti.exe	121
PID 3364 wrote to memory of 4488	3364	wapbouti.exe	122
PID 3364 wrote to memory of 4488	3364	wapbouti.exe	122
PID 3364 wrote to memory of 4488	3364	wapbouti.exe	122
PID 3340 wrote to memory of 3444	3340	wulyest.exe	124
PID 3340 wrote to memory of 3444	3340	wulyest.exe	124
PID 3340 wrote to memory of 3444	3340	wulyest.exe	124
PID 3340 wrote to memory of 2476	3340	wulyest.exe	125
PID 3340 wrote to memory of 2476	3340	wulyest.exe	125
PID 3340 wrote to memory of 2476	3340	wulyest.exe	125
PID 3444 wrote to memory of 5072	3444	wmynwyg.exe	127
PID 3444 wrote to memory of 5072	3444	wmynwyg.exe	127
PID 3444 wrote to memory of 5072	3444	wmynwyg.exe	127
PID 3444 wrote to memory of 3800	3444	wmynwyg.exe	128
PID 3444 wrote to memory of 3800	3444	wmynwyg.exe	128
PID 3444 wrote to memory of 3800	3444	wmynwyg.exe	128
PID 5072 wrote to memory of 4240	5072	wufku.exe	130
PID 5072 wrote to memory of 4240	5072	wufku.exe	130
PID 5072 wrote to memory of 4240	5072	wufku.exe	130
PID 5072 wrote to memory of 4528	5072	wufku.exe	131

C:\Users\Admin\AppData\Local\Temp\NEAS.63fa7b758dc071970fd813b1bb70b740.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.63fa7b758dc071970fd813b1bb70b740.exe"
1⤵
- Checks computer location settings
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\wjdwy.exe
  "C:\Windows\system32\wjdwy.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4540
- - C:\Windows\SysWOW64\wsuvfm.exe
    "C:\Windows\system32\wsuvfm.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:4336
  - - C:\Windows\SysWOW64\wftbmdx.exe
      "C:\Windows\system32\wftbmdx.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:3864
    - - C:\Windows\SysWOW64\wgyujqk.exe
        
        "C:\Windows\system32\wgyujqk.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:560
      - C:\Windows\SysWOW64\woeqf.exe
        
        "C:\Windows\system32\woeqf.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4164
        
        C:\Windows\SysWOW64\wjnuwkt.exe
        
        "C:\Windows\system32\wjnuwkt.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1436
        
        C:\Windows\SysWOW64\wapbouti.exe
        
        "C:\Windows\system32\wapbouti.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3364
        
        C:\Windows\SysWOW64\wulyest.exe
        
        "C:\Windows\system32\wulyest.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3340
        
        C:\Windows\SysWOW64\wmynwyg.exe
        
        "C:\Windows\system32\wmynwyg.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3444
        
        C:\Windows\SysWOW64\wufku.exe
        
        "C:\Windows\system32\wufku.exe"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:5072
        
        C:\Windows\SysWOW64\whsdw.exe
        
        "C:\Windows\system32\whsdw.exe"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4240
        
        C:\Windows\SysWOW64\wsddffnv.exe
        
        "C:\Windows\system32\wsddffnv.exe"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1864
        
        C:\Windows\SysWOW64\wmybuep.exe
        
        "C:\Windows\system32\wmybuep.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1856
        
        C:\Windows\SysWOW64\wtgla.exe
        
        "C:\Windows\system32\wtgla.exe"
        15⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1156
        
        C:\Windows\SysWOW64\wodgpdm.exe
        
        "C:\Windows\system32\wodgpdm.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3996
        
        C:\Windows\SysWOW64\wqeejnv.exe
        
        "C:\Windows\system32\wqeejnv.exe"
        17⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5108
        
        C:\Windows\SysWOW64\wtyi.exe
        
        "C:\Windows\system32\wtyi.exe"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1960
        
        C:\Windows\SysWOW64\wdefdxtuv.exe
        
        "C:\Windows\system32\wdefdxtuv.exe"
        19⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4636
        
        C:\Windows\SysWOW64\wxkqaw.exe
        
        "C:\Windows\system32\wxkqaw.exe"
        20⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1852
        
        C:\Windows\SysWOW64\wtoo.exe
        
        "C:\Windows\system32\wtoo.exe"
        21⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1424
        
        C:\Windows\SysWOW64\wbhdjpxs.exe
        
        "C:\Windows\system32\wbhdjpxs.exe"
        22⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4504
        
        C:\Windows\SysWOW64\wjdna.exe
        
        "C:\Windows\system32\wjdna.exe"
        23⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4704
        
        C:\Windows\SysWOW64\wdgs.exe
        
        "C:\Windows\system32\wdgs.exe"
        24⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1272
        
        C:\Windows\SysWOW64\whvdfpt.exe
        
        "C:\Windows\system32\whvdfpt.exe"
        25⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2372
        
        C:\Windows\SysWOW64\wpkoxo.exe
        
        "C:\Windows\system32\wpkoxo.exe"
        26⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2348
        
        C:\Windows\SysWOW64\wsmgksp.exe
        
        "C:\Windows\system32\wsmgksp.exe"
        27⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:400
        
        C:\Windows\SysWOW64\wfaymiw.exe
        
        "C:\Windows\system32\wfaymiw.exe"
        28⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:848
        
        C:\Windows\SysWOW64\wcmlvfnu.exe
        
        "C:\Windows\system32\wcmlvfnu.exe"
        29⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3952
        
        C:\Windows\SysWOW64\wje.exe
        
        "C:\Windows\system32\wje.exe"
        30⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4636
        
        C:\Windows\SysWOW64\wnucug.exe
        
        "C:\Windows\system32\wnucug.exe"
        31⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2852
        
        C:\Windows\SysWOW64\wmhkvuul.exe
        
        "C:\Windows\system32\wmhkvuul.exe"
        32⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4968
        
        C:\Windows\SysWOW64\wquaxbv.exe
        
        "C:\Windows\system32\wquaxbv.exe"
        33⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3336
        
        C:\Windows\SysWOW64\wuja.exe
        
        "C:\Windows\system32\wuja.exe"
        34⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1144
        
        C:\Windows\SysWOW64\whps.exe
        
        "C:\Windows\system32\whps.exe"
        35⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1420
        
        C:\Windows\SysWOW64\wjpqxihi.exe
        
        "C:\Windows\system32\wjpqxihi.exe"
        36⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3856
        
        C:\Windows\SysWOW64\wwdiywp.exe
        
        "C:\Windows\system32\wwdiywp.exe"
        37⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:228
        
        C:\Windows\SysWOW64\wmbky.exe
        
        "C:\Windows\system32\wmbky.exe"
        38⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4520
        
        C:\Windows\SysWOW64\whftud.exe
        
        "C:\Windows\system32\whftud.exe"
        39⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2872
        
        C:\Windows\SysWOW64\whowku.exe
        
        "C:\Windows\system32\whowku.exe"
        40⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1384
        
        C:\Windows\SysWOW64\wjcm.exe
        
        "C:\Windows\system32\wjcm.exe"
        41⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2808
        
        C:\Windows\SysWOW64\wmxckhsx.exe
        
        "C:\Windows\system32\wmxckhsx.exe"
        42⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4636
        
        C:\Windows\SysWOW64\wnbvfufwp.exe
        
        "C:\Windows\system32\wnbvfufwp.exe"
        43⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1892
        
        C:\Windows\SysWOW64\wevok.exe
        
        "C:\Windows\system32\wevok.exe"
        44⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3396
        
        C:\Windows\SysWOW64\wark.exe
        
        "C:\Windows\system32\wark.exe"
        45⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3336
        
        C:\Windows\SysWOW64\wmgf.exe
        
        "C:\Windows\system32\wmgf.exe"
        46⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4980
        
        C:\Windows\SysWOW64\wyl.exe
        
        "C:\Windows\system32\wyl.exe"
        47⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3912
        
        C:\Windows\SysWOW64\wpxm.exe
        
        "C:\Windows\system32\wpxm.exe"
        48⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1696
        
        C:\Windows\SysWOW64\wyfhgh.exe
        
        "C:\Windows\system32\wyfhgh.exe"
        49⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4712
        
        C:\Windows\SysWOW64\wdtj.exe
        
        "C:\Windows\system32\wdtj.exe"
        50⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4316
        
        C:\Windows\SysWOW64\wgsgb.exe
        
        "C:\Windows\system32\wgsgb.exe"
        51⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4284
        
        C:\Windows\SysWOW64\wjmpnx.exe
        
        "C:\Windows\system32\wjmpnx.exe"
        52⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1692
        
        C:\Windows\SysWOW64\wodwtdp.exe
        
        "C:\Windows\system32\wodwtdp.exe"
        53⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:456
        
        C:\Windows\SysWOW64\woaocst.exe
        
        "C:\Windows\system32\woaocst.exe"
        54⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1828
        
        C:\Windows\SysWOW64\wsoq.exe
        
        "C:\Windows\system32\wsoq.exe"
        55⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1892
        
        C:\Windows\SysWOW64\wyuaay.exe
        
        "C:\Windows\system32\wyuaay.exe"
        56⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4496
        
        C:\Windows\SysWOW64\wyyuume.exe
        
        "C:\Windows\system32\wyyuume.exe"
        57⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3336
        
        C:\Windows\SysWOW64\wdcl.exe
        
        "C:\Windows\system32\wdcl.exe"
        58⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3788
        
        C:\Windows\SysWOW64\wpof.exe
        
        "C:\Windows\system32\wpof.exe"
        59⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3632
        
        C:\Windows\SysWOW64\wuchbl.exe
        
        "C:\Windows\system32\wuchbl.exe"
        60⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4988
        
        C:\Windows\SysWOW64\wuvrpxgii.exe
        
        "C:\Windows\system32\wuvrpxgii.exe"
        61⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2212
        
        C:\Windows\SysWOW64\wvhnxj.exe
        
        "C:\Windows\system32\wvhnxj.exe"
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5020
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuvrpxgii.exe"
        62⤵
        
        PID:560
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuchbl.exe"
        61⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpof.exe"
        60⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdcl.exe"
        59⤵
        
        PID:928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyyuume.exe"
        58⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyuaay.exe"
        57⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 116
        57⤵
        Program crash
        
        PID:3192
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsoq.exe"
        56⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woaocst.exe"
        55⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wodwtdp.exe"
        54⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjmpnx.exe"
        53⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 1504
        53⤵
        Program crash
        
        PID:1724
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgsgb.exe"
        52⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdtj.exe"
        51⤵
        
        PID:892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyfhgh.exe"
        50⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpxm.exe"
        49⤵
        
        PID:328
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyl.exe"
        48⤵
        
        PID:64
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmgf.exe"
        47⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wark.exe"
        46⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wevok.exe"
        45⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnbvfufwp.exe"
        44⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmxckhsx.exe"
        43⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjcm.exe"
        42⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whowku.exe"
        41⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whftud.exe"
        40⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmbky.exe"
        39⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwdiywp.exe"
        38⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjpqxihi.exe"
        37⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whps.exe"
        36⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuja.exe"
        35⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 116
        35⤵
        Program crash
        
        PID:4264
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wquaxbv.exe"
        34⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmhkvuul.exe"
        33⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnucug.exe"
        32⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wje.exe"
        31⤵
        
        PID:884
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcmlvfnu.exe"
        30⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfaymiw.exe"
        29⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsmgksp.exe"
        28⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpkoxo.exe"
        27⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whvdfpt.exe"
        26⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdgs.exe"
        25⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjdna.exe"
        24⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbhdjpxs.exe"
        23⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtoo.exe"
        22⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxkqaw.exe"
        21⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdefdxtuv.exe"
        20⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 1480
        20⤵
        Program crash
        
        PID:1792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 1488
        20⤵
        Program crash
        
        PID:4448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtyi.exe"
        19⤵
        
        PID:404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqeejnv.exe"
        18⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wodgpdm.exe"
        17⤵
        
        PID:440
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtgla.exe"
        16⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmybuep.exe"
        15⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsddffnv.exe"
        14⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whsdw.exe"
        13⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wufku.exe"
        12⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmynwyg.exe"
        11⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wulyest.exe"
        10⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wapbouti.exe"
        9⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjnuwkt.exe"
        8⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woeqf.exe"
        7⤵
        
        PID:2028
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgyujqk.exe"
        6⤵
        
        PID:4656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 1340
        6⤵
        Program crash
        
        PID:2600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 1316
        6⤵
        Program crash
        
        PID:1820
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wftbmdx.exe"
        5⤵
        
        PID:1660
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsuvfm.exe"
      4⤵
      PID:2280
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjdwy.exe"
    3⤵
    PID:3632
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 116
    3⤵
    - Program crash
    PID:2724
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 1108
    3⤵
    - Program crash
    PID:2176
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\NEAS.63fa7b758dc071970fd813b1bb70b740.exe"
  2⤵
  PID:456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4540 -ip 4540
1⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4540 -ip 4540
1⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 560 -ip 560
1⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 560 -ip 560
1⤵
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4636 -ip 4636
1⤵
PID:848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4636 -ip 4636
1⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 1144 -ip 1144
1⤵
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 1692 -ip 1692
1⤵
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4496 -ip 4496
1⤵
PID:4724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\wapbouti.exe

Filesize
95KB

MD5
ae931032a519cd3c922b3e7c06973677

SHA1
1a27dca0a1a10c41ebb69dd4202b6a89a1fca016

SHA256
0014a18afa23950d2dfb670ed57cfd1d4be2f5cfdcb9272a81c3bc6c9ca69205

SHA512
f7b2632c731df190f4cc97476fb8ea15dbef04ed19ce705fca9ad28dd5a22c6ae48e94dd75d5166b2730e4719b8175b87383383f362c0345a0e06fbdc88dedbe

Download Submit
C:\Windows\SysWOW64\wapbouti.exe

Filesize
95KB

MD5
ae931032a519cd3c922b3e7c06973677

SHA1
1a27dca0a1a10c41ebb69dd4202b6a89a1fca016

SHA256
0014a18afa23950d2dfb670ed57cfd1d4be2f5cfdcb9272a81c3bc6c9ca69205

SHA512
f7b2632c731df190f4cc97476fb8ea15dbef04ed19ce705fca9ad28dd5a22c6ae48e94dd75d5166b2730e4719b8175b87383383f362c0345a0e06fbdc88dedbe

Download Submit
C:\Windows\SysWOW64\wbhdjpxs.exe

Filesize
96KB

MD5
cb471bab0357f3b21d9438b38e94857a

SHA1
661bd936ab2b26f692f486d49c990f5634678c24

SHA256
f2174b9975569c1cabf97ce6ea5d82a7857399b46d485f4c873ae4f448349b7d

SHA512
e801c4e7940f8d72cdd356bd86cbfa690bb5c5418dd72fd6ad2293e8285b853c785780a7d20e5cc516038488c399fe06ab5071b7f22dcd9cfe9fcbf4f7cb33e1

Download Submit
C:\Windows\SysWOW64\wbhdjpxs.exe

Filesize
96KB

MD5
cb471bab0357f3b21d9438b38e94857a

SHA1
661bd936ab2b26f692f486d49c990f5634678c24

SHA256
f2174b9975569c1cabf97ce6ea5d82a7857399b46d485f4c873ae4f448349b7d

SHA512
e801c4e7940f8d72cdd356bd86cbfa690bb5c5418dd72fd6ad2293e8285b853c785780a7d20e5cc516038488c399fe06ab5071b7f22dcd9cfe9fcbf4f7cb33e1

Download Submit
C:\Windows\SysWOW64\wcmlvfnu.exe

Filesize
96KB

MD5
2e902fe1a5330634af25bc82f000044f

SHA1
09ef1236740431c52f7651917f7da3e35b358b34

SHA256
f260538b0f818cad367727dfea1dd4d0e0d592ad48b5258745f1803344f64595

SHA512
95e2f59ed46329b7af3e2ae846043ab9de081aff896195e31ca2472a4b887713a96edde096678d2a1dc9aa008a1f47f0c8c1c54678f02bc7a7832e71dbb27633

Download Submit
C:\Windows\SysWOW64\wcmlvfnu.exe

Filesize
96KB

MD5
2e902fe1a5330634af25bc82f000044f

SHA1
09ef1236740431c52f7651917f7da3e35b358b34

SHA256
f260538b0f818cad367727dfea1dd4d0e0d592ad48b5258745f1803344f64595

SHA512
95e2f59ed46329b7af3e2ae846043ab9de081aff896195e31ca2472a4b887713a96edde096678d2a1dc9aa008a1f47f0c8c1c54678f02bc7a7832e71dbb27633

Download Submit
C:\Windows\SysWOW64\wdefdxtuv.exe

Filesize
95KB

MD5
94d088d8d77ca774d21d2dcf0d10f335

SHA1
fc2ce1f2153c4dfc0d0d106d204faf0dd74a3a93

SHA256
0b4d1efbadae2408c16e7f151f340f56734e1bf0247e785206b43cfd9a63c84a

SHA512
b5b36dc22f442b4d9706ca5dfab41a5c2efa40bb6add0c25fe5f1e6e07d9878f7ddb516bd30ad9a28cba0304ddcb5535fdb23dfb40155ec1585781b67228619c

Download Submit
C:\Windows\SysWOW64\wdefdxtuv.exe

Filesize
95KB

MD5
94d088d8d77ca774d21d2dcf0d10f335

SHA1
fc2ce1f2153c4dfc0d0d106d204faf0dd74a3a93

SHA256
0b4d1efbadae2408c16e7f151f340f56734e1bf0247e785206b43cfd9a63c84a

SHA512
b5b36dc22f442b4d9706ca5dfab41a5c2efa40bb6add0c25fe5f1e6e07d9878f7ddb516bd30ad9a28cba0304ddcb5535fdb23dfb40155ec1585781b67228619c

Download Submit
C:\Windows\SysWOW64\wdgs.exe

Filesize
96KB

MD5
83f811bfd0c8cdc42173f27a74b3956e

SHA1
d8a8d9b3839f5a853c27ac69214756d6a93836c7

SHA256
b14a74df3327bd6cfa2938485170924dd6b9adf778b85639a2a1e0bf26f80dd8

SHA512
4d2eae740f2b84f303493de0860fc5357e796ab0f9ed5d18c6dceb5c294bce4ea789651091931ecf6d59965bb43d2b457205f8e2a4862dccc88c0bc29c22f52e

Download Submit
C:\Windows\SysWOW64\wdgs.exe

Filesize
96KB

MD5
83f811bfd0c8cdc42173f27a74b3956e

SHA1
d8a8d9b3839f5a853c27ac69214756d6a93836c7

SHA256
b14a74df3327bd6cfa2938485170924dd6b9adf778b85639a2a1e0bf26f80dd8

SHA512
4d2eae740f2b84f303493de0860fc5357e796ab0f9ed5d18c6dceb5c294bce4ea789651091931ecf6d59965bb43d2b457205f8e2a4862dccc88c0bc29c22f52e

Download Submit
C:\Windows\SysWOW64\wfaymiw.exe

Filesize
96KB

MD5
2d056b6fdd116ffe6ad068a579999667

SHA1
c4c6324d84b7d0e0a4d7fb649b6d55b0129ed04b

SHA256
f99bf5d35e30992a0b600966aa588e9695b0fec3a6ff424ecaf8e5375b92f071

SHA512
83c0e9e705f948f974c4f525f4683e42cab894c0ba74bc54a3d8d5c5968a561519a5a37ea41ee1b19032752ea5ecc7c9757c1ff9833c7d403c98b638473181de

Download Submit
C:\Windows\SysWOW64\wfaymiw.exe

Filesize
96KB

MD5
2d056b6fdd116ffe6ad068a579999667

SHA1
c4c6324d84b7d0e0a4d7fb649b6d55b0129ed04b

SHA256
f99bf5d35e30992a0b600966aa588e9695b0fec3a6ff424ecaf8e5375b92f071

SHA512
83c0e9e705f948f974c4f525f4683e42cab894c0ba74bc54a3d8d5c5968a561519a5a37ea41ee1b19032752ea5ecc7c9757c1ff9833c7d403c98b638473181de

Download Submit
C:\Windows\SysWOW64\wftbmdx.exe

Filesize
95KB

MD5
aabdd09c0a876a98db7e56214a83620f

SHA1
f5d3f097eceb96cd65ca547bb4f241c956176cbb

SHA256
4bd8eaf67b1e0de821ac1e879d847daeaf875210d4d987067c47c00eb78978c6

SHA512
1fda55b2eed7d2316d52845cdf5867f9c6bfd774de0455517ef5980f584c0b13057827ff4d10af91828605b5902d794f3a4b5d51d977d9c881d97faae8a1133c

Download Submit
C:\Windows\SysWOW64\wftbmdx.exe

Filesize
95KB

MD5
aabdd09c0a876a98db7e56214a83620f

SHA1
f5d3f097eceb96cd65ca547bb4f241c956176cbb

SHA256
4bd8eaf67b1e0de821ac1e879d847daeaf875210d4d987067c47c00eb78978c6

SHA512
1fda55b2eed7d2316d52845cdf5867f9c6bfd774de0455517ef5980f584c0b13057827ff4d10af91828605b5902d794f3a4b5d51d977d9c881d97faae8a1133c

Download Submit
C:\Windows\SysWOW64\wgyujqk.exe

Filesize
95KB

MD5
f26f8523bed5c0ed9b26f03fad63c677

SHA1
74ae42a134bc507f934ea1bca9920e7063a3fa25

SHA256
28e560df3863ed71dc2b5e7b5ac15539f723b0cb6d809ff2037a21e67c0350b3

SHA512
38b9b78735bada394ce346062f107d0913cb50a87ccb1e0022e11b489eff8c00c28f04cd7c15429cb496244700dab92ee1ea78bf0d55ea4ecd9b6cd27fc49edb

Download Submit
C:\Windows\SysWOW64\wgyujqk.exe

Filesize
95KB

MD5
f26f8523bed5c0ed9b26f03fad63c677

SHA1
74ae42a134bc507f934ea1bca9920e7063a3fa25

SHA256
28e560df3863ed71dc2b5e7b5ac15539f723b0cb6d809ff2037a21e67c0350b3

SHA512
38b9b78735bada394ce346062f107d0913cb50a87ccb1e0022e11b489eff8c00c28f04cd7c15429cb496244700dab92ee1ea78bf0d55ea4ecd9b6cd27fc49edb

Download Submit
C:\Windows\SysWOW64\whsdw.exe

Filesize
95KB

MD5
65d370d6d7f15ec23c3e4e4b460e5d44

SHA1
dc91827bba6516042398bb3b52c9e10dcc0bd989

SHA256
43607beef4248a23efe5fca3b47b878d174292e270d7d10e7627eb0f51d5ce7d

SHA512
42f74f1a93c5269ace4414491e172662989fa807924c0cfa4a0d7562fea4c870a500aa40266eebc3b6e79f2f873a302c86b248b9728498ded96280aefd1a8574

Download Submit
C:\Windows\SysWOW64\whsdw.exe

Filesize
95KB

MD5
65d370d6d7f15ec23c3e4e4b460e5d44

SHA1
dc91827bba6516042398bb3b52c9e10dcc0bd989

SHA256
43607beef4248a23efe5fca3b47b878d174292e270d7d10e7627eb0f51d5ce7d

SHA512
42f74f1a93c5269ace4414491e172662989fa807924c0cfa4a0d7562fea4c870a500aa40266eebc3b6e79f2f873a302c86b248b9728498ded96280aefd1a8574

Download Submit
C:\Windows\SysWOW64\whvdfpt.exe

Filesize
96KB

MD5
0aa0140c633e76b28f651c468c325ffa

SHA1
09d25b2c1becbf93295d9f797cf0b4c7b15cd269

SHA256
4b4132f86a8cfff476be57638891919210eb29ad92be3645e5bef866dbdb2996

SHA512
46f2e6119aeb6ae32eb06c1257aba7847a4259da03a26699627c9316c2146daf8e280df21da6d2c7a4b1729b7f9cd80129480dae341ec0798936439e6b66a5e4

Download Submit
C:\Windows\SysWOW64\whvdfpt.exe

Filesize
96KB

MD5
0aa0140c633e76b28f651c468c325ffa

SHA1
09d25b2c1becbf93295d9f797cf0b4c7b15cd269

SHA256
4b4132f86a8cfff476be57638891919210eb29ad92be3645e5bef866dbdb2996

SHA512
46f2e6119aeb6ae32eb06c1257aba7847a4259da03a26699627c9316c2146daf8e280df21da6d2c7a4b1729b7f9cd80129480dae341ec0798936439e6b66a5e4

Download Submit
C:\Windows\SysWOW64\wjdna.exe

Filesize
96KB

MD5
8230f6dcbf45c99c2209cdce8c90d6f0

SHA1
d77598d156116459994cdb4422f590ad655b7952

SHA256
9e463b86875a1fd383f6ec1c2566adf0e86c776fcfa5a301735ceeabc0c3458d

SHA512
fb2f563596d4acfb173935734de4fa49d785c2699ec8580b98b6ed6d3723f2786d2e2bcdd8876da7144ffd705708ea110848093f0b22827438160390bce16d1f

Download Submit
C:\Windows\SysWOW64\wjdna.exe

Filesize
96KB

MD5
8230f6dcbf45c99c2209cdce8c90d6f0

SHA1
d77598d156116459994cdb4422f590ad655b7952

SHA256
9e463b86875a1fd383f6ec1c2566adf0e86c776fcfa5a301735ceeabc0c3458d

SHA512
fb2f563596d4acfb173935734de4fa49d785c2699ec8580b98b6ed6d3723f2786d2e2bcdd8876da7144ffd705708ea110848093f0b22827438160390bce16d1f

Download Submit
C:\Windows\SysWOW64\wjdwy.exe

Filesize
95KB

MD5
6da9bf11af19871229175cef2c18155f

SHA1
a23e8dc98ff1729a3bd7a32f7bcbbb57d6702af6

SHA256
a2222dd8bce361bd57a24746ae7c0ce839549dd8805233d72e0484447350a22b

SHA512
2b641cbcee87ecc828f3bfac60320fca80cbab97ea99a8b4bd58ae7f9f4eb005a7a497c506410b7fa5b027809ae9840838e6e4a82dc5b66c847b81474a70e8f8

Download Submit
C:\Windows\SysWOW64\wjdwy.exe

Filesize
95KB

MD5
6da9bf11af19871229175cef2c18155f

SHA1
a23e8dc98ff1729a3bd7a32f7bcbbb57d6702af6

SHA256
a2222dd8bce361bd57a24746ae7c0ce839549dd8805233d72e0484447350a22b

SHA512
2b641cbcee87ecc828f3bfac60320fca80cbab97ea99a8b4bd58ae7f9f4eb005a7a497c506410b7fa5b027809ae9840838e6e4a82dc5b66c847b81474a70e8f8

Download Submit
C:\Windows\SysWOW64\wjdwy.exe

Filesize
95KB

MD5
6da9bf11af19871229175cef2c18155f

SHA1
a23e8dc98ff1729a3bd7a32f7bcbbb57d6702af6

SHA256
a2222dd8bce361bd57a24746ae7c0ce839549dd8805233d72e0484447350a22b

SHA512
2b641cbcee87ecc828f3bfac60320fca80cbab97ea99a8b4bd58ae7f9f4eb005a7a497c506410b7fa5b027809ae9840838e6e4a82dc5b66c847b81474a70e8f8

Download Submit
C:\Windows\SysWOW64\wje.exe

Filesize
96KB

MD5
ae28222611f0780e54ef6a1bfed97d44

SHA1
1d8245856441ced9757d0bd03548e7bddb21108d

SHA256
e6725b4eeb59bbaaba3adecefc9e8dc0d2ac0d396f241e22238080e43aea0d52

SHA512
82143426472bbfbe9cbc58545142da5866134fc5de92a51648f4fea52e0609927865c28bd60b3f6261430e9714f49f34a147f50110dea34dbaa1018af938723b

Download Submit
C:\Windows\SysWOW64\wje.exe

Filesize
96KB

MD5
ae28222611f0780e54ef6a1bfed97d44

SHA1
1d8245856441ced9757d0bd03548e7bddb21108d

SHA256
e6725b4eeb59bbaaba3adecefc9e8dc0d2ac0d396f241e22238080e43aea0d52

SHA512
82143426472bbfbe9cbc58545142da5866134fc5de92a51648f4fea52e0609927865c28bd60b3f6261430e9714f49f34a147f50110dea34dbaa1018af938723b

Download Submit
C:\Windows\SysWOW64\wjnuwkt.exe

Filesize
95KB

MD5
a88b6bb8dfe2afa6b9294fbf2b56fb9a

SHA1
7a5b00d3ac4df298bc7658bd021339d71fc51ad9

SHA256
31957acd18e7d830c7612c65c3821432a574d67df4169ddc9d86087057cdaafc

SHA512
0c4215c2d6ce476ef6b3eed425ea5ec9bdb705e6510ab8efcf64d838ef52720202b6671d48cfaea40381dda347b297f0386ed6a89a52113888831ba860f38471

Download Submit
C:\Windows\SysWOW64\wjnuwkt.exe

Filesize
95KB

MD5
a88b6bb8dfe2afa6b9294fbf2b56fb9a

SHA1
7a5b00d3ac4df298bc7658bd021339d71fc51ad9

SHA256
31957acd18e7d830c7612c65c3821432a574d67df4169ddc9d86087057cdaafc

SHA512
0c4215c2d6ce476ef6b3eed425ea5ec9bdb705e6510ab8efcf64d838ef52720202b6671d48cfaea40381dda347b297f0386ed6a89a52113888831ba860f38471

Download Submit
C:\Windows\SysWOW64\wmhkvuul.exe

Filesize
96KB

MD5
30be9a9d5950dce8d4b6d2ca963c8da1

SHA1
4d7c74b18d0272b2040f2c3a69f3316aedb267ac

SHA256
19b35e97159f8f77b0521f81d107cfb5cc2859e9a0fbff3e27695e2be1f14bd4

SHA512
23340a103d2991cb22ffe4030399900e9fd390c6fbeea7a61df07a00f16d410e4d791ba27f89b14531e898422824636af521476ebec1b020e62d567ea4e105a6

Download Submit
C:\Windows\SysWOW64\wmhkvuul.exe

Filesize
96KB

MD5
30be9a9d5950dce8d4b6d2ca963c8da1

SHA1
4d7c74b18d0272b2040f2c3a69f3316aedb267ac

SHA256
19b35e97159f8f77b0521f81d107cfb5cc2859e9a0fbff3e27695e2be1f14bd4

SHA512
23340a103d2991cb22ffe4030399900e9fd390c6fbeea7a61df07a00f16d410e4d791ba27f89b14531e898422824636af521476ebec1b020e62d567ea4e105a6

Download Submit
C:\Windows\SysWOW64\wmybuep.exe

Filesize
95KB

MD5
c8bbd0de9dd09469544c91254bc42726

SHA1
72f379a6b9024d06c40d27ad7c42db57658b62e4

SHA256
3d4078fdba629525e732ed84b3d8c3ef4c5b410530ae39877a29af99e80f4b83

SHA512
a02c3f1e3cc5d40991501415495bdb4be4734be79cc205ef3fd9164e8bb386d7bbd3f76525539237ba6736a07ba45ecaadb40c1113391c644846aabd734ec30e

Download Submit
C:\Windows\SysWOW64\wmybuep.exe

Filesize
95KB

MD5
c8bbd0de9dd09469544c91254bc42726

SHA1
72f379a6b9024d06c40d27ad7c42db57658b62e4

SHA256
3d4078fdba629525e732ed84b3d8c3ef4c5b410530ae39877a29af99e80f4b83

SHA512
a02c3f1e3cc5d40991501415495bdb4be4734be79cc205ef3fd9164e8bb386d7bbd3f76525539237ba6736a07ba45ecaadb40c1113391c644846aabd734ec30e

Download Submit
C:\Windows\SysWOW64\wmynwyg.exe

Filesize
95KB

MD5
1d4a4b65bca189055bf5190761b62b0c

SHA1
0507ec6d60d6baa5569c6d154241672424c2b8e7

SHA256
1ac8c9b95ff91f5881be28296e347cc5fbb17416294012ef6065e9d3d57d2a43

SHA512
21f2fca49fbfa64225524c007d6599850cab52b305444221ffb4fd17488fbb67b78d07ce52e760b30ae8c9a896a7c0323f4f50aa773d92caf487f982ace1cddf

Download Submit
C:\Windows\SysWOW64\wmynwyg.exe

Filesize
95KB

MD5
1d4a4b65bca189055bf5190761b62b0c

SHA1
0507ec6d60d6baa5569c6d154241672424c2b8e7

SHA256
1ac8c9b95ff91f5881be28296e347cc5fbb17416294012ef6065e9d3d57d2a43

SHA512
21f2fca49fbfa64225524c007d6599850cab52b305444221ffb4fd17488fbb67b78d07ce52e760b30ae8c9a896a7c0323f4f50aa773d92caf487f982ace1cddf

Download Submit
C:\Windows\SysWOW64\wnucug.exe

Filesize
96KB

MD5
68d47f7b664c36feddc59cdf9220f692

SHA1
29aeee0fea86d82dc8fbf8ac297e5a18f6b16846

SHA256
1add2ed53a81d63b23eaae68d7a95094420d1c400d7e7b47db635512263e11e1

SHA512
e704cdb6646e67d687c6483199298bcfb7c65f1e163249cb0223dd865f54a3d97600fa54177f0ac52b26983fdb0f6b0f57acc80eaf0344a3e282e39c657a4f3a

Download Submit
C:\Windows\SysWOW64\wnucug.exe

Filesize
96KB

MD5
68d47f7b664c36feddc59cdf9220f692

SHA1
29aeee0fea86d82dc8fbf8ac297e5a18f6b16846

SHA256
1add2ed53a81d63b23eaae68d7a95094420d1c400d7e7b47db635512263e11e1

SHA512
e704cdb6646e67d687c6483199298bcfb7c65f1e163249cb0223dd865f54a3d97600fa54177f0ac52b26983fdb0f6b0f57acc80eaf0344a3e282e39c657a4f3a

Download Submit
C:\Windows\SysWOW64\wodgpdm.exe

Filesize
95KB

MD5
660796ce62340ff2be892cf97f56b966

SHA1
85179efa01377ab07fc3066654168d3e4479cc10

SHA256
0c6d62060dd082c6741ff745e3cbdd077f8a6e2eaa7b83e1b4a6bce846b0b3d1

SHA512
eb11e36f83a18bbde1af6b7c0c20a26f226aa9e8c61f55acfe9c9f86dc6597b15981ccdcd4dd04c4aefaf4e167d3fda0be97249922efa0032decca2963510512

Download Submit
C:\Windows\SysWOW64\wodgpdm.exe

Filesize
95KB

MD5
660796ce62340ff2be892cf97f56b966

SHA1
85179efa01377ab07fc3066654168d3e4479cc10

SHA256
0c6d62060dd082c6741ff745e3cbdd077f8a6e2eaa7b83e1b4a6bce846b0b3d1

SHA512
eb11e36f83a18bbde1af6b7c0c20a26f226aa9e8c61f55acfe9c9f86dc6597b15981ccdcd4dd04c4aefaf4e167d3fda0be97249922efa0032decca2963510512

Download Submit
C:\Windows\SysWOW64\woeqf.exe

Filesize
95KB

MD5
65d3ea5c4a9e3b0f015b64838cd3140a

SHA1
a83ebb5b4239af2648fdef83d80809ea616ffdfe

SHA256
37560296083143e98ded86d13cdb8cffe608a25802c1b83ebfe8b05e64777ee7

SHA512
6c7f68dfb4b5e9b977e76eb7e94c964e249a09c5ec7dd0e0a8d8f31106ae18a1236ba5346de7ced8a15ba8c3e579dd3e358ab9fdec1dc88c3cf496525fabd069

Download Submit
C:\Windows\SysWOW64\woeqf.exe

Filesize
95KB

MD5
65d3ea5c4a9e3b0f015b64838cd3140a

SHA1
a83ebb5b4239af2648fdef83d80809ea616ffdfe

SHA256
37560296083143e98ded86d13cdb8cffe608a25802c1b83ebfe8b05e64777ee7

SHA512
6c7f68dfb4b5e9b977e76eb7e94c964e249a09c5ec7dd0e0a8d8f31106ae18a1236ba5346de7ced8a15ba8c3e579dd3e358ab9fdec1dc88c3cf496525fabd069

Download Submit
C:\Windows\SysWOW64\wpkoxo.exe

Filesize
96KB

MD5
f2dcf5013a48b41bc26347c7125b494c

SHA1
2ca2e75b25d4d242afd2fa4fd89a6b3d7ceb49f9

SHA256
010974562a0a685ca6a5dd44b70bcaa1da814c423f1ac628a14d86d4a04b97b8

SHA512
a0e17d8fc203e62dd52a271cec614f8e8ba4e9a26f3b10e3ad67302ade3a3d7550635ddb3532542013bb5f55d72c357d5bfd2f931f1d3a7b4660563eafe54199

Download Submit
C:\Windows\SysWOW64\wpkoxo.exe

Filesize
96KB

MD5
f2dcf5013a48b41bc26347c7125b494c

SHA1
2ca2e75b25d4d242afd2fa4fd89a6b3d7ceb49f9

SHA256
010974562a0a685ca6a5dd44b70bcaa1da814c423f1ac628a14d86d4a04b97b8

SHA512
a0e17d8fc203e62dd52a271cec614f8e8ba4e9a26f3b10e3ad67302ade3a3d7550635ddb3532542013bb5f55d72c357d5bfd2f931f1d3a7b4660563eafe54199

Download Submit
C:\Windows\SysWOW64\wqeejnv.exe

Filesize
95KB

MD5
a34fa1dc758f6841743763d81c7fd0a8

SHA1
f34dd69f9bd62f7c45e8f048aaa0a4cf4c9f4605

SHA256
d10b9e56808c7d4dd44811645525808d0c78bac58cbc7dac376e935446981a37

SHA512
0dec4d6b31761757d890c52a71d91d86de6265a9a88bc0bd22b8e415a6f5ae29b7b03728775094e394c527ec6f5d71c99543b3ed475a20540716718ea4dfe5a9

Download Submit
C:\Windows\SysWOW64\wqeejnv.exe

Filesize
95KB

MD5
a34fa1dc758f6841743763d81c7fd0a8

SHA1
f34dd69f9bd62f7c45e8f048aaa0a4cf4c9f4605

SHA256
d10b9e56808c7d4dd44811645525808d0c78bac58cbc7dac376e935446981a37

SHA512
0dec4d6b31761757d890c52a71d91d86de6265a9a88bc0bd22b8e415a6f5ae29b7b03728775094e394c527ec6f5d71c99543b3ed475a20540716718ea4dfe5a9

Download Submit
C:\Windows\SysWOW64\wquaxbv.exe

Filesize
96KB

MD5
02491b0af4c9c1ca32b88aa8996a360c

SHA1
a81b1b2dbbc71b71a3af77d6a537fe059148982f

SHA256
7c6e36224b39bb58a7fd7dd80c2cfb0228ae78cb4f18ad4010bcfba81f55d827

SHA512
468b1f16be89f9f9ea9cd4bcfa61557272a34fb4eb4a1c4f6e88fd3a1c20105792a6c5e71a773310e71b6908e068c88fce51e8714fd8339604fa2924a08df10b

Download Submit
C:\Windows\SysWOW64\wquaxbv.exe

Filesize
96KB

MD5
02491b0af4c9c1ca32b88aa8996a360c

SHA1
a81b1b2dbbc71b71a3af77d6a537fe059148982f

SHA256
7c6e36224b39bb58a7fd7dd80c2cfb0228ae78cb4f18ad4010bcfba81f55d827

SHA512
468b1f16be89f9f9ea9cd4bcfa61557272a34fb4eb4a1c4f6e88fd3a1c20105792a6c5e71a773310e71b6908e068c88fce51e8714fd8339604fa2924a08df10b

Download Submit
C:\Windows\SysWOW64\wsddffnv.exe

Filesize
95KB

MD5
90f9ef690f1888a2f9c9ec3ae5104a7e

SHA1
ababe1dc17019d168def69b8dbf848902655109a

SHA256
e4a4da7e69ecbb31a249b8328059bfc9aaa1e6b234aba0e47f94ff278fa6b768

SHA512
382d001a9ec6306b379d2b0a8ad2639cfc5e2ad22f6cf9ff936d1b45fcbb0edfcf5a184ccd0ae8aa54edeb4b298620fd5425e3c8c3ace64e4039c50e1da18664

Download Submit
C:\Windows\SysWOW64\wsddffnv.exe

Filesize
95KB

MD5
90f9ef690f1888a2f9c9ec3ae5104a7e

SHA1
ababe1dc17019d168def69b8dbf848902655109a

SHA256
e4a4da7e69ecbb31a249b8328059bfc9aaa1e6b234aba0e47f94ff278fa6b768

SHA512
382d001a9ec6306b379d2b0a8ad2639cfc5e2ad22f6cf9ff936d1b45fcbb0edfcf5a184ccd0ae8aa54edeb4b298620fd5425e3c8c3ace64e4039c50e1da18664

Download Submit
C:\Windows\SysWOW64\wsmgksp.exe

Filesize
96KB

MD5
3f09b21a2923f8ae978abc2777258532

SHA1
9ec5e2a37d26bf362cfa900d4236d06d1510e87b

SHA256
366530f68a5701fa8bcfd409e33e65bff11f7871c7b4a5a0891b4edf73150014

SHA512
0f6743dffe1e9b7359a67745c5b1e6b6b70c8918101fb3c94f4805efc52e3f60d38ee7bcf32923a09c0bf8c4585a1827567e35d059451f076a914896727a8451

Download Submit
C:\Windows\SysWOW64\wsmgksp.exe

Filesize
96KB

MD5
3f09b21a2923f8ae978abc2777258532

SHA1
9ec5e2a37d26bf362cfa900d4236d06d1510e87b

SHA256
366530f68a5701fa8bcfd409e33e65bff11f7871c7b4a5a0891b4edf73150014

SHA512
0f6743dffe1e9b7359a67745c5b1e6b6b70c8918101fb3c94f4805efc52e3f60d38ee7bcf32923a09c0bf8c4585a1827567e35d059451f076a914896727a8451

Download Submit
C:\Windows\SysWOW64\wsuvfm.exe

Filesize
95KB

MD5
bdf12832e4ce66eadd54871abeab4331

SHA1
f14b50961e856cd87caead447ca71fc75a4d4d78

SHA256
099487f303b9420a0b988233af6e0983f6ace016ad0bc3e1042edac2bf8d7544

SHA512
4782b11542513b7fbac5498a6dfb8c81f039bcb150ee6995393e2aab5a7402d21560da039503ce1fa88e49fb2278196322a9750cbe54e5a700c96d1f84b34540

Download Submit
C:\Windows\SysWOW64\wsuvfm.exe

Filesize
95KB

MD5
bdf12832e4ce66eadd54871abeab4331

SHA1
f14b50961e856cd87caead447ca71fc75a4d4d78

SHA256
099487f303b9420a0b988233af6e0983f6ace016ad0bc3e1042edac2bf8d7544

SHA512
4782b11542513b7fbac5498a6dfb8c81f039bcb150ee6995393e2aab5a7402d21560da039503ce1fa88e49fb2278196322a9750cbe54e5a700c96d1f84b34540

Download Submit
C:\Windows\SysWOW64\wtgla.exe

Filesize
95KB

MD5
d04996933da35f20875e0b54ab04d437

SHA1
0b22be537e704f7818ab27e86385de0b50fc6750

SHA256
8e42826c56a6cae00e8297b0adfc9d83cba4e7b9398b2cb9177101c6f458be28

SHA512
e754e40f0b3cfb034035952548f0a050c8e5d6a2e39da556b20c13ef7380f9a61b362981d693779f8e424542f052b2d663c66e361c5f14148b92fc7e69e3c8fc

Download Submit
C:\Windows\SysWOW64\wtgla.exe

Filesize
95KB

MD5
d04996933da35f20875e0b54ab04d437

SHA1
0b22be537e704f7818ab27e86385de0b50fc6750

SHA256
8e42826c56a6cae00e8297b0adfc9d83cba4e7b9398b2cb9177101c6f458be28

SHA512
e754e40f0b3cfb034035952548f0a050c8e5d6a2e39da556b20c13ef7380f9a61b362981d693779f8e424542f052b2d663c66e361c5f14148b92fc7e69e3c8fc

Download Submit
C:\Windows\SysWOW64\wtoo.exe

Filesize
96KB

MD5
8a39dd348a94b8872c51f186017d1ac1

SHA1
df7b2292a0f8cacd0e379643d13b16fb4616f718

SHA256
c554b0e9b4932b892f71fb58493638e9e1a7261133bf2bd058be13a3f4afe65f

SHA512
fadfd9c1dd1aec6e6584ea1ea8c9d5576f5ad05b286fd26a26694e04839a571e6774133828d134846df4bee42792769264e3015fb0351dc0604a25bb07f84c55

Download Submit
C:\Windows\SysWOW64\wtoo.exe

Filesize
96KB

MD5
8a39dd348a94b8872c51f186017d1ac1

SHA1
df7b2292a0f8cacd0e379643d13b16fb4616f718

SHA256
c554b0e9b4932b892f71fb58493638e9e1a7261133bf2bd058be13a3f4afe65f

SHA512
fadfd9c1dd1aec6e6584ea1ea8c9d5576f5ad05b286fd26a26694e04839a571e6774133828d134846df4bee42792769264e3015fb0351dc0604a25bb07f84c55

Download Submit
C:\Windows\SysWOW64\wtyi.exe

Filesize
95KB

MD5
80a1c7e4edbc33b7055095edc46040e1

SHA1
d8b1f9d91a0d0d3d05d9895ff9cd2f6b22cc790f

SHA256
0ce903987be258d02561ca7b203c4c1fcb43debc77a6b9ce3f37a6b2a359b91f

SHA512
4de77e6cf914ff9f118e7e6cecd1545bb1471d1b3e1ca2713f9a4033f2c1d833f3d7cc1ae011dfc7c3d1cc693d24c51118d1d8ca6c01f252288cf8c378b50f99

Download Submit
C:\Windows\SysWOW64\wtyi.exe

Filesize
95KB

MD5
80a1c7e4edbc33b7055095edc46040e1

SHA1
d8b1f9d91a0d0d3d05d9895ff9cd2f6b22cc790f

SHA256
0ce903987be258d02561ca7b203c4c1fcb43debc77a6b9ce3f37a6b2a359b91f

SHA512
4de77e6cf914ff9f118e7e6cecd1545bb1471d1b3e1ca2713f9a4033f2c1d833f3d7cc1ae011dfc7c3d1cc693d24c51118d1d8ca6c01f252288cf8c378b50f99

Download Submit
C:\Windows\SysWOW64\wufku.exe

Filesize
95KB

MD5
2f5697eb5432a78fcccf6879f50de0a5

SHA1
b63b993279c75467ea5c516d9cb62f02a68a4d28

SHA256
e692db1fa581d8550624e522c1a2e7dfc0ca19eb68fedd2037708c164db25410

SHA512
67e03d755655842c8af9c766e6e99a80538932b171bd0f65a740e4f775979f05bc425ed9f1008189ff2af8b9b97ee6ae39ce9a5f77f4e7b5a37c5e6d7bbdb12f

Download Submit
C:\Windows\SysWOW64\wufku.exe

Filesize
95KB

MD5
2f5697eb5432a78fcccf6879f50de0a5

SHA1
b63b993279c75467ea5c516d9cb62f02a68a4d28

SHA256
e692db1fa581d8550624e522c1a2e7dfc0ca19eb68fedd2037708c164db25410

SHA512
67e03d755655842c8af9c766e6e99a80538932b171bd0f65a740e4f775979f05bc425ed9f1008189ff2af8b9b97ee6ae39ce9a5f77f4e7b5a37c5e6d7bbdb12f

Download Submit
C:\Windows\SysWOW64\wulyest.exe

Filesize
95KB

MD5
5b14277d82fda2efaa9ec9a871a79eca

SHA1
34d196fe6be0d47be0932b28422a12514842d77d

SHA256
45e1094bd777357790ce327c0fa782c2286ac100e50a1068cbd5135c5f4a7ec2

SHA512
002c8721e13d543e66b0b1e27dc61e378758f4ca73bc65099be2bb582e48584433404518604bd71c67c229ef680083b467d4016861c18a8b26bb13979d7e84f3

Download Submit
C:\Windows\SysWOW64\wulyest.exe

Filesize
95KB

MD5
5b14277d82fda2efaa9ec9a871a79eca

SHA1
34d196fe6be0d47be0932b28422a12514842d77d

SHA256
45e1094bd777357790ce327c0fa782c2286ac100e50a1068cbd5135c5f4a7ec2

SHA512
002c8721e13d543e66b0b1e27dc61e378758f4ca73bc65099be2bb582e48584433404518604bd71c67c229ef680083b467d4016861c18a8b26bb13979d7e84f3

Download Submit
C:\Windows\SysWOW64\wxkqaw.exe

Filesize
96KB

MD5
5acce764716a4ec373c67de3fe3fc800

SHA1
338503acbec8bb0f21819abd1e42e8298bbfb583

SHA256
2e74be22c6bc75b044cef0483e2625ade2951a5ada08b5a691e01e2953fb1671

SHA512
992a9798844f7fda5f71f353353978871355cba1c06984989eaced37b42031cabd9f3b67dc9fe5e8fb9a36217c2e1776af450917068210c7f0aa48efae8704fc

Download Submit
C:\Windows\SysWOW64\wxkqaw.exe

Filesize
96KB

MD5
5acce764716a4ec373c67de3fe3fc800

SHA1
338503acbec8bb0f21819abd1e42e8298bbfb583

SHA256
2e74be22c6bc75b044cef0483e2625ade2951a5ada08b5a691e01e2953fb1671

SHA512
992a9798844f7fda5f71f353353978871355cba1c06984989eaced37b42031cabd9f3b67dc9fe5e8fb9a36217c2e1776af450917068210c7f0aa48efae8704fc

Download Submit
memory/228-364-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/400-274-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/456-492-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/560-53-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/848-284-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1144-340-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1156-153-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1272-244-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1384-388-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1420-348-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1424-214-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1436-73-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1692-484-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1696-452-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1828-500-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1852-202-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1856-143-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1864-133-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1892-508-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1892-412-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1960-183-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2044-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2044-11-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2044-1-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2212-559-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2348-264-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2372-254-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2808-396-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2852-314-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2872-380-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3336-527-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3336-428-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3336-332-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3340-93-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3364-83-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3396-420-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3444-103-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3632-543-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3788-535-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3856-356-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3864-42-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3912-444-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3952-294-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3996-163-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4164-63-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4240-123-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4284-476-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4316-468-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4336-32-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4496-519-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4504-224-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4520-372-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4540-22-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4636-304-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4636-404-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4636-204-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4704-234-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4712-460-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4968-324-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4980-436-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4988-551-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5072-113-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5108-173-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download