58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe
Size

447KB
MD5

6c174ad268701e2f55a6f94cddd36c66
SHA1

0fd8066ac8df6df126edc04fa8af26164267b303
SHA256

58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05
SHA512

e27700946caa3cbefe1186df35556dbf7d62cf1d0bd3a017ffe5748eee462a2b1b4cca35b169ff225e5e59ecba06edc60084db495c9bc27a680a44b422b96e12
SSDEEP

12288:QT6SZhP46SCTbSwgS1IaPRJbDh4i0vm4OsKN5sTuGZ0:QThhP46SCTbSwgS1IaPRJbDh4i0vm4OJ

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2524	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
2640	wnul.exe
2428	wvcitx.exe
2716	wspg.exe
2584	wqqu.exe
2192	wlof.exe
708	wicev.exe
2560	wlkpafq.exe
2236	wnwlx.exe
2552	wpxjv.exe
2568	wsqig.exe
1380	weiwy.exe
2704	woclrj.exe
344	wbtcmex.exe
2772	wwupmbd.exe
1424	wmxmdp.exe
1280	wgxyx.exe
3064	welwfi.exe
1540	wpoxeep.exe
892	wjfegj.exe
2648	wxjax.exe
2596	wnbmikr.exe
1276	wfakxumaw.exe
1700	wcsa.exe
1420	wagyf.exe
452	wxine.exe
292	wauhcbx.exe
1628	wbhdaosiv.exe
356	wcsyxemd.exe
2948	wahjwfa.exe
2564	wpqgbr.exe
1864	weismest.exe
2316	wpaif.exe
560	wnnhmw.exe
404	wtvog.exe
2296	woxio.exe
1172	wglkemadu.exe
108	wrdyxi.exe
2688	whgvovhvq.exe
2896	wejknsmng.exe
1600	wodbogcux.exe
1864	wbjhb.exe
2344	wbhnfrfwx.exe
2288	whyiwt.exe
1176	wsqx.exe
1984	wrrn.exe
2496	wkgpgsmx.exe
2372	wdw.exe
2476	wsmcel.exe
1512	wnclgpcxr.exe
1264	wxglgmw.exe
1916	wqidprw.exe
1736	wgapyfjt.exe
972	wachijmv.exe
2288	wsfyqon.exe
1968	wnhryvo.exe
276	whjjiap.exe
2496	wvmgyo.exe
2880	wjpojfkpn.exe
1676	wisbhc.exe
1196	wwuxyqmr.exe
2420	wpian.exe
1644	wbpfb.exe
2164	wusxj.exe
1660	wnfaxdktd.exe

Loads dropped DLL 64 IoCs

pid	Process
1952	58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe
1952	58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe
1952	58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe
1952	58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe
2640	wnul.exe
2640	wnul.exe
2640	wnul.exe
2640	wnul.exe
2428	wvcitx.exe
2428	wvcitx.exe
2428	wvcitx.exe
2428	wvcitx.exe
2716	wspg.exe
2716	wspg.exe
2716	wspg.exe
2716	wspg.exe
2584	wqqu.exe
2584	wqqu.exe
2584	wqqu.exe
2584	wqqu.exe
2192	wlof.exe
2192	wlof.exe
2192	wlof.exe
2192	wlof.exe
708	wicev.exe
708	wicev.exe
708	wicev.exe
708	wicev.exe
2560	wlkpafq.exe
2560	wlkpafq.exe
2560	wlkpafq.exe
2560	wlkpafq.exe
2236	wnwlx.exe
2236	wnwlx.exe
2236	wnwlx.exe
2236	wnwlx.exe
2552	wpxjv.exe
2552	wpxjv.exe
2552	wpxjv.exe
2552	wpxjv.exe
2568	wsqig.exe
2568	wsqig.exe
2568	wsqig.exe
2568	wsqig.exe
1380	weiwy.exe
1380	weiwy.exe
1380	weiwy.exe
1380	weiwy.exe
2704	woclrj.exe
2704	woclrj.exe
2704	woclrj.exe
2704	woclrj.exe
344	wbtcmex.exe
344	wbtcmex.exe
344	wbtcmex.exe
344	wbtcmex.exe
2772	wwupmbd.exe
2772	wwupmbd.exe
2772	wwupmbd.exe
2772	wwupmbd.exe
1424	wmxmdp.exe
1424	wmxmdp.exe
1424	wmxmdp.exe
1424	wmxmdp.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\wmxmdp.exe	wwupmbd.exe
File opened for modification	C:\Windows\SysWOW64\wsmcel.exe	wdw.exe
File opened for modification	C:\Windows\SysWOW64\wnclgpcxr.exe	wsmcel.exe
File created	C:\Windows\SysWOW64\wqidprw.exe	wxglgmw.exe
File created	C:\Windows\SysWOW64\wqqu.exe	wspg.exe
File created	C:\Windows\SysWOW64\welwfi.exe	wgxyx.exe
File opened for modification	C:\Windows\SysWOW64\wcsyxemd.exe	wbhdaosiv.exe
File opened for modification	C:\Windows\SysWOW64\wpqgbr.exe	wahjwfa.exe
File opened for modification	C:\Windows\SysWOW64\woclrj.exe	weiwy.exe
File opened for modification	C:\Windows\SysWOW64\wnjvga.exe	wxdtd.exe
File opened for modification	C:\Windows\SysWOW64\wmftkxa.exe	wnjvga.exe
File created	C:\Windows\SysWOW64\wlvxulnuw.exe	witnewf.exe
File created	C:\Windows\SysWOW64\wglkemadu.exe	woxio.exe
File created	C:\Windows\SysWOW64\wejknsmng.exe	whgvovhvq.exe
File opened for modification	C:\Windows\SysWOW64\wnhryvo.exe	wsfyqon.exe
File opened for modification	C:\Windows\SysWOW64\wlvxulnuw.exe	witnewf.exe
File opened for modification	C:\Windows\SysWOW64\wnwkmy.exe	wlvxulnuw.exe
File created	C:\Windows\SysWOW64\wprhrrrt.exe	wsptrvne.exe
File created	C:\Windows\SysWOW64\wmdyqrc.exe	wppdxnp.exe
File opened for modification	C:\Windows\SysWOW64\wsqig.exe	wpxjv.exe
File created	C:\Windows\SysWOW64\wbpfb.exe	wpian.exe
File created	C:\Windows\SysWOW64\wlof.exe	wqqu.exe
File opened for modification	C:\Windows\SysWOW64\wbhdaosiv.exe	wauhcbx.exe
File created	C:\Windows\SysWOW64\wodbogcux.exe	wejknsmng.exe
File opened for modification	C:\Windows\SysWOW64\wkgpgsmx.exe	wrrn.exe
File opened for modification	C:\Windows\SysWOW64\wfhwgmj.exe	wdtcixony.exe
File opened for modification	C:\Windows\SysWOW64\wisbhc.exe	wjpojfkpn.exe
File opened for modification	C:\Windows\SysWOW64\wppdxnp.exe	wmftkxa.exe
File created	C:\Windows\SysWOW64\wnclgpcxr.exe	wsmcel.exe
File created	C:\Windows\SysWOW64\weismest.exe	wpqgbr.exe
File opened for modification	C:\Windows\SysWOW64\wdtcixony.exe	wwtvaq.exe
File opened for modification	C:\Windows\SysWOW64\wagyf.exe	wcsa.exe
File created	C:\Windows\SysWOW64\wyllik.exe	wfjsbf.exe
File opened for modification	C:\Windows\SysWOW64\wtvog.exe	wnnhmw.exe
File opened for modification	C:\Windows\SysWOW64\wsksue.exe	wuuobhx.exe
File created	C:\Windows\SysWOW64\wuxosslab.exe	wsksue.exe
File opened for modification	C:\Windows\SysWOW64\wywen.exe	wwjjph.exe
File opened for modification	C:\Windows\SysWOW64\wwpveahsy.exe	wpakv.exe
File created	C:\Windows\SysWOW64\wlkpafq.exe	wicev.exe
File opened for modification	C:\Windows\SysWOW64\wrdyxi.exe	wglkemadu.exe
File opened for modification	C:\Windows\SysWOW64\wejknsmng.exe	whgvovhvq.exe
File opened for modification	C:\Windows\SysWOW64\wqqu.exe	wspg.exe
File created	C:\Windows\SysWOW64\wjfegj.exe	wpoxeep.exe
File created	C:\Windows\SysWOW64\woxio.exe	wtvog.exe
File created	C:\Windows\SysWOW64\wkgpgsmx.exe	wrrn.exe
File opened for modification	C:\Windows\SysWOW64\wfjsbf.exe	wprhrrrt.exe
File created	C:\Windows\SysWOW64\whyiwt.exe	wbhnfrfwx.exe
File created	C:\Windows\SysWOW64\wwpveahsy.exe	wpakv.exe
File created	C:\Windows\SysWOW64\wfhwgmj.exe	wdtcixony.exe
File opened for modification	C:\Windows\SysWOW64\woxskhdf.exe	wmdyqrc.exe
File created	C:\Windows\SysWOW64\woclrj.exe	weiwy.exe
File created	C:\Windows\SysWOW64\wfjsbf.exe	wprhrrrt.exe
File opened for modification	C:\Windows\SysWOW64\wpian.exe	wwuxyqmr.exe
File created	C:\Windows\SysWOW64\wxdtd.exe	wecdui.exe
File opened for modification	C:\Windows\SysWOW64\wodbogcux.exe	wejknsmng.exe
File created	C:\Windows\SysWOW64\wdw.exe	wkgpgsmx.exe
File created	C:\Windows\SysWOW64\wmdnieb.exe	wjpub.exe
File created	C:\Windows\SysWOW64\wsqig.exe	wpxjv.exe
File created	C:\Windows\SysWOW64\whgvovhvq.exe	wrdyxi.exe
File created	C:\Windows\SysWOW64\wjpojfkpn.exe	wvmgyo.exe
File created	C:\Windows\SysWOW64\wpian.exe	wwuxyqmr.exe
File created	C:\Windows\SysWOW64\wixi.exe	wnfaxdktd.exe
File opened for modification	C:\Windows\SysWOW64\wixi.exe	wnfaxdktd.exe
File created	C:\Windows\SysWOW64\wpxjv.exe	wnwlx.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2568	2688	WerFault.exe	142
2308	972	WerFault.exe	189

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 2640	1952	58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe	28
PID 1952 wrote to memory of 2640	1952	58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe	28
PID 1952 wrote to memory of 2640	1952	58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe	28
PID 1952 wrote to memory of 2640	1952	58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe	28
PID 1952 wrote to memory of 2524	1952	58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe	29
PID 1952 wrote to memory of 2524	1952	58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe	29
PID 1952 wrote to memory of 2524	1952	58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe	29
PID 1952 wrote to memory of 2524	1952	58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe	29
PID 2640 wrote to memory of 2428	2640	wnul.exe	31
PID 2640 wrote to memory of 2428	2640	wnul.exe	31
PID 2640 wrote to memory of 2428	2640	wnul.exe	31
PID 2640 wrote to memory of 2428	2640	wnul.exe	31
PID 2640 wrote to memory of 2408	2640	wnul.exe	32
PID 2640 wrote to memory of 2408	2640	wnul.exe	32
PID 2640 wrote to memory of 2408	2640	wnul.exe	32
PID 2640 wrote to memory of 2408	2640	wnul.exe	32
PID 2428 wrote to memory of 2716	2428	wvcitx.exe	34
PID 2428 wrote to memory of 2716	2428	wvcitx.exe	34
PID 2428 wrote to memory of 2716	2428	wvcitx.exe	34
PID 2428 wrote to memory of 2716	2428	wvcitx.exe	34
PID 2428 wrote to memory of 2248	2428	wvcitx.exe	35
PID 2428 wrote to memory of 2248	2428	wvcitx.exe	35
PID 2428 wrote to memory of 2248	2428	wvcitx.exe	35
PID 2428 wrote to memory of 2248	2428	wvcitx.exe	35
PID 2716 wrote to memory of 2584	2716	wspg.exe	37
PID 2716 wrote to memory of 2584	2716	wspg.exe	37
PID 2716 wrote to memory of 2584	2716	wspg.exe	37
PID 2716 wrote to memory of 2584	2716	wspg.exe	37
PID 2716 wrote to memory of 1248	2716	wspg.exe	38
PID 2716 wrote to memory of 1248	2716	wspg.exe	38
PID 2716 wrote to memory of 1248	2716	wspg.exe	38
PID 2716 wrote to memory of 1248	2716	wspg.exe	38
PID 2584 wrote to memory of 2192	2584	wqqu.exe	40
PID 2584 wrote to memory of 2192	2584	wqqu.exe	40
PID 2584 wrote to memory of 2192	2584	wqqu.exe	40
PID 2584 wrote to memory of 2192	2584	wqqu.exe	40
PID 2584 wrote to memory of 2224	2584	wqqu.exe	41
PID 2584 wrote to memory of 2224	2584	wqqu.exe	41
PID 2584 wrote to memory of 2224	2584	wqqu.exe	41
PID 2584 wrote to memory of 2224	2584	wqqu.exe	41
PID 2192 wrote to memory of 708	2192	wlof.exe	43
PID 2192 wrote to memory of 708	2192	wlof.exe	43
PID 2192 wrote to memory of 708	2192	wlof.exe	43
PID 2192 wrote to memory of 708	2192	wlof.exe	43
PID 2192 wrote to memory of 2172	2192	wlof.exe	44
PID 2192 wrote to memory of 2172	2192	wlof.exe	44
PID 2192 wrote to memory of 2172	2192	wlof.exe	44
PID 2192 wrote to memory of 2172	2192	wlof.exe	44
PID 708 wrote to memory of 2560	708	wicev.exe	46
PID 708 wrote to memory of 2560	708	wicev.exe	46
PID 708 wrote to memory of 2560	708	wicev.exe	46
PID 708 wrote to memory of 2560	708	wicev.exe	46
PID 708 wrote to memory of 780	708	wicev.exe	47
PID 708 wrote to memory of 780	708	wicev.exe	47
PID 708 wrote to memory of 780	708	wicev.exe	47
PID 708 wrote to memory of 780	708	wicev.exe	47
PID 2560 wrote to memory of 2236	2560	wlkpafq.exe	49
PID 2560 wrote to memory of 2236	2560	wlkpafq.exe	49
PID 2560 wrote to memory of 2236	2560	wlkpafq.exe	49
PID 2560 wrote to memory of 2236	2560	wlkpafq.exe	49
PID 2560 wrote to memory of 276	2560	wlkpafq.exe	50
PID 2560 wrote to memory of 276	2560	wlkpafq.exe	50
PID 2560 wrote to memory of 276	2560	wlkpafq.exe	50
PID 2560 wrote to memory of 276	2560	wlkpafq.exe	50

C:\Users\Admin\AppData\Local\Temp\58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe
"C:\Users\Admin\AppData\Local\Temp\58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\wnul.exe
  "C:\Windows\system32\wnul.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Windows\SysWOW64\wvcitx.exe
    "C:\Windows\system32\wvcitx.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2428
  - - C:\Windows\SysWOW64\wspg.exe
      "C:\Windows\system32\wspg.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Windows\SysWOW64\wqqu.exe
        
        "C:\Windows\system32\wqqu.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2584
      - C:\Windows\SysWOW64\wlof.exe
        
        "C:\Windows\system32\wlof.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2192
        
        C:\Windows\SysWOW64\wicev.exe
        
        "C:\Windows\system32\wicev.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:708
        
        C:\Windows\SysWOW64\wlkpafq.exe
        
        "C:\Windows\system32\wlkpafq.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2560
        
        C:\Windows\SysWOW64\wnwlx.exe
        
        "C:\Windows\system32\wnwlx.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2236
        
        C:\Windows\SysWOW64\wpxjv.exe
        
        "C:\Windows\system32\wpxjv.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2552
        
        C:\Windows\SysWOW64\wsqig.exe
        
        "C:\Windows\system32\wsqig.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2568
        
        C:\Windows\SysWOW64\weiwy.exe
        
        "C:\Windows\system32\weiwy.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1380
        
        C:\Windows\SysWOW64\woclrj.exe
        
        "C:\Windows\system32\woclrj.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2704
        
        C:\Windows\SysWOW64\wbtcmex.exe
        
        "C:\Windows\system32\wbtcmex.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:344
        
        C:\Windows\SysWOW64\wwupmbd.exe
        
        "C:\Windows\system32\wwupmbd.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2772
        
        C:\Windows\SysWOW64\wmxmdp.exe
        
        "C:\Windows\system32\wmxmdp.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1424
        
        C:\Windows\SysWOW64\wgxyx.exe
        
        "C:\Windows\system32\wgxyx.exe"
        17⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1280
        
        C:\Windows\SysWOW64\welwfi.exe
        
        "C:\Windows\system32\welwfi.exe"
        18⤵
        Executes dropped EXE
        
        PID:3064
        
        C:\Windows\SysWOW64\wpoxeep.exe
        
        "C:\Windows\system32\wpoxeep.exe"
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1540
        
        C:\Windows\SysWOW64\wjfegj.exe
        
        "C:\Windows\system32\wjfegj.exe"
        20⤵
        Executes dropped EXE
        
        PID:892
        
        C:\Windows\SysWOW64\wxjax.exe
        
        "C:\Windows\system32\wxjax.exe"
        21⤵
        Executes dropped EXE
        
        PID:2648
        
        C:\Windows\SysWOW64\wnbmikr.exe
        
        "C:\Windows\system32\wnbmikr.exe"
        22⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Windows\SysWOW64\wfakxumaw.exe
        
        "C:\Windows\system32\wfakxumaw.exe"
        23⤵
        Executes dropped EXE
        
        PID:1276
        
        C:\Windows\SysWOW64\wcsa.exe
        
        "C:\Windows\system32\wcsa.exe"
        24⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1700
        
        C:\Windows\SysWOW64\wagyf.exe
        
        "C:\Windows\system32\wagyf.exe"
        25⤵
        Executes dropped EXE
        
        PID:1420
        
        C:\Windows\SysWOW64\wxine.exe
        
        "C:\Windows\system32\wxine.exe"
        26⤵
        Executes dropped EXE
        
        PID:452
        
        C:\Windows\SysWOW64\wauhcbx.exe
        
        "C:\Windows\system32\wauhcbx.exe"
        27⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:292
        
        C:\Windows\SysWOW64\wbhdaosiv.exe
        
        "C:\Windows\system32\wbhdaosiv.exe"
        28⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1628
        
        C:\Windows\SysWOW64\wcsyxemd.exe
        
        "C:\Windows\system32\wcsyxemd.exe"
        29⤵
        Executes dropped EXE
        
        PID:356
        
        C:\Windows\SysWOW64\wahjwfa.exe
        
        "C:\Windows\system32\wahjwfa.exe"
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2948
        
        C:\Windows\SysWOW64\wpqgbr.exe
        
        "C:\Windows\system32\wpqgbr.exe"
        31⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2564
        
        C:\Windows\SysWOW64\weismest.exe
        
        "C:\Windows\system32\weismest.exe"
        32⤵
        Executes dropped EXE
        
        PID:1864
        
        C:\Windows\SysWOW64\wpaif.exe
        
        "C:\Windows\system32\wpaif.exe"
        33⤵
        Executes dropped EXE
        
        PID:2316
        
        C:\Windows\SysWOW64\wnnhmw.exe
        
        "C:\Windows\system32\wnnhmw.exe"
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:560
        
        C:\Windows\SysWOW64\wtvog.exe
        
        "C:\Windows\system32\wtvog.exe"
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:404
        
        C:\Windows\SysWOW64\woxio.exe
        
        "C:\Windows\system32\woxio.exe"
        36⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2296
        
        C:\Windows\SysWOW64\wglkemadu.exe
        
        "C:\Windows\system32\wglkemadu.exe"
        37⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1172
        
        C:\Windows\SysWOW64\wrdyxi.exe
        
        "C:\Windows\system32\wrdyxi.exe"
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:108
        
        C:\Windows\SysWOW64\whgvovhvq.exe
        
        "C:\Windows\system32\whgvovhvq.exe"
        39⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2688
        
        C:\Windows\SysWOW64\wejknsmng.exe
        
        "C:\Windows\system32\wejknsmng.exe"
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2896
        
        C:\Windows\SysWOW64\wodbogcux.exe
        
        "C:\Windows\system32\wodbogcux.exe"
        41⤵
        Executes dropped EXE
        
        PID:1600
        
        C:\Windows\SysWOW64\wbjhb.exe
        
        "C:\Windows\system32\wbjhb.exe"
        42⤵
        Executes dropped EXE
        
        PID:1864
        
        C:\Windows\SysWOW64\wbhnfrfwx.exe
        
        "C:\Windows\system32\wbhnfrfwx.exe"
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2344
        
        C:\Windows\SysWOW64\whyiwt.exe
        
        "C:\Windows\system32\whyiwt.exe"
        44⤵
        Executes dropped EXE
        
        PID:2288
        
        C:\Windows\SysWOW64\wsqx.exe
        
        "C:\Windows\system32\wsqx.exe"
        45⤵
        Executes dropped EXE
        
        PID:1176
        
        C:\Windows\SysWOW64\wrrn.exe
        
        "C:\Windows\system32\wrrn.exe"
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1984
        
        C:\Windows\SysWOW64\wkgpgsmx.exe
        
        "C:\Windows\system32\wkgpgsmx.exe"
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2496
        
        C:\Windows\SysWOW64\wdw.exe
        
        "C:\Windows\system32\wdw.exe"
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2372
        
        C:\Windows\SysWOW64\wsmcel.exe
        
        "C:\Windows\system32\wsmcel.exe"
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2476
        
        C:\Windows\SysWOW64\wnclgpcxr.exe
        
        "C:\Windows\system32\wnclgpcxr.exe"
        50⤵
        Executes dropped EXE
        
        PID:1512
        
        C:\Windows\SysWOW64\wxglgmw.exe
        
        "C:\Windows\system32\wxglgmw.exe"
        51⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1264
        
        C:\Windows\SysWOW64\wqidprw.exe
        
        "C:\Windows\system32\wqidprw.exe"
        52⤵
        Executes dropped EXE
        
        PID:1916
        
        C:\Windows\SysWOW64\wgapyfjt.exe
        
        "C:\Windows\system32\wgapyfjt.exe"
        53⤵
        Executes dropped EXE
        
        PID:1736
        
        C:\Windows\SysWOW64\wachijmv.exe
        
        "C:\Windows\system32\wachijmv.exe"
        54⤵
        Executes dropped EXE
        
        PID:972
        
        C:\Windows\SysWOW64\wsfyqon.exe
        
        "C:\Windows\system32\wsfyqon.exe"
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2288
        
        C:\Windows\SysWOW64\wnhryvo.exe
        
        "C:\Windows\system32\wnhryvo.exe"
        56⤵
        Executes dropped EXE
        
        PID:1968
        
        C:\Windows\SysWOW64\whjjiap.exe
        
        "C:\Windows\system32\whjjiap.exe"
        57⤵
        Executes dropped EXE
        
        PID:276
        
        C:\Windows\SysWOW64\wvmgyo.exe
        
        "C:\Windows\system32\wvmgyo.exe"
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2496
        
        C:\Windows\SysWOW64\wjpojfkpn.exe
        
        "C:\Windows\system32\wjpojfkpn.exe"
        59⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2880
        
        C:\Windows\SysWOW64\wisbhc.exe
        
        "C:\Windows\system32\wisbhc.exe"
        60⤵
        Executes dropped EXE
        
        PID:1676
        
        C:\Windows\SysWOW64\wwuxyqmr.exe
        
        "C:\Windows\system32\wwuxyqmr.exe"
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1196
        
        C:\Windows\SysWOW64\wpian.exe
        
        "C:\Windows\system32\wpian.exe"
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2420
        
        C:\Windows\SysWOW64\wbpfb.exe
        
        "C:\Windows\system32\wbpfb.exe"
        63⤵
        Executes dropped EXE
        
        PID:1644
        
        C:\Windows\SysWOW64\wusxj.exe
        
        "C:\Windows\system32\wusxj.exe"
        64⤵
        Executes dropped EXE
        
        PID:2164
        
        C:\Windows\SysWOW64\wnfaxdktd.exe
        
        "C:\Windows\system32\wnfaxdktd.exe"
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1660
        
        C:\Windows\SysWOW64\wixi.exe
        
        "C:\Windows\system32\wixi.exe"
        66⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\witnewf.exe
        
        "C:\Windows\system32\witnewf.exe"
        67⤵
        Drops file in System32 directory
        
        PID:2484
        
        C:\Windows\SysWOW64\wlvxulnuw.exe
        
        "C:\Windows\system32\wlvxulnuw.exe"
        68⤵
        Drops file in System32 directory
        
        PID:1592
        
        C:\Windows\SysWOW64\wnwkmy.exe
        
        "C:\Windows\system32\wnwkmy.exe"
        69⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\wpjejoqu.exe
        
        "C:\Windows\system32\wpjejoqu.exe"
        70⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\wuffevys.exe
        
        "C:\Windows\system32\wuffevys.exe"
        71⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\wtwjxrr.exe
        
        "C:\Windows\system32\wtwjxrr.exe"
        72⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\wuuobhx.exe
        
        "C:\Windows\system32\wuuobhx.exe"
        73⤵
        Drops file in System32 directory
        
        PID:404
        
        C:\Windows\SysWOW64\wsksue.exe
        
        "C:\Windows\system32\wsksue.exe"
        74⤵
        Drops file in System32 directory
        
        PID:1060
        
        C:\Windows\SysWOW64\wuxosslab.exe
        
        "C:\Windows\system32\wuxosslab.exe"
        75⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\wwjjph.exe
        
        "C:\Windows\system32\wwjjph.exe"
        76⤵
        Drops file in System32 directory
        
        PID:1624
        
        C:\Windows\SysWOW64\wywen.exe
        
        "C:\Windows\system32\wywen.exe"
        77⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\wwxsn.exe
        
        "C:\Windows\system32\wwxsn.exe"
        78⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\wpakv.exe
        
        "C:\Windows\system32\wpakv.exe"
        79⤵
        Drops file in System32 directory
        
        PID:608
        
        C:\Windows\SysWOW64\wwpveahsy.exe
        
        "C:\Windows\system32\wwpveahsy.exe"
        80⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\wymbiplc.exe
        
        "C:\Windows\system32\wymbiplc.exe"
        81⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\wsptrvne.exe
        
        "C:\Windows\system32\wsptrvne.exe"
        82⤵
        Drops file in System32 directory
        
        PID:928
        
        C:\Windows\SysWOW64\wprhrrrt.exe
        
        "C:\Windows\system32\wprhrrrt.exe"
        83⤵
        Drops file in System32 directory
        
        PID:2816
        
        C:\Windows\SysWOW64\wfjsbf.exe
        
        "C:\Windows\system32\wfjsbf.exe"
        84⤵
        Drops file in System32 directory
        
        PID:2424
        
        C:\Windows\SysWOW64\wyllik.exe
        
        "C:\Windows\system32\wyllik.exe"
        85⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\wryoyp.exe
        
        "C:\Windows\system32\wryoyp.exe"
        86⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\wdqdrnc.exe
        
        "C:\Windows\system32\wdqdrnc.exe"
        87⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\wwtvaq.exe
        
        "C:\Windows\system32\wwtvaq.exe"
        88⤵
        Drops file in System32 directory
        
        PID:1600
        
        C:\Windows\SysWOW64\wdtcixony.exe
        
        "C:\Windows\system32\wdtcixony.exe"
        89⤵
        Drops file in System32 directory
        
        PID:604
        
        C:\Windows\SysWOW64\wfhwgmj.exe
        
        "C:\Windows\system32\wfhwgmj.exe"
        90⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\wjpub.exe
        
        "C:\Windows\system32\wjpub.exe"
        91⤵
        Drops file in System32 directory
        
        PID:784
        
        C:\Windows\SysWOW64\wmdnieb.exe
        
        "C:\Windows\system32\wmdnieb.exe"
        92⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\whfeqj.exe
        
        "C:\Windows\system32\whfeqj.exe"
        93⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\wecdui.exe
        
        "C:\Windows\system32\wecdui.exe"
        94⤵
        Drops file in System32 directory
        
        PID:2380
        
        C:\Windows\SysWOW64\wxdtd.exe
        
        "C:\Windows\system32\wxdtd.exe"
        95⤵
        Drops file in System32 directory
        
        PID:2872
        
        C:\Windows\SysWOW64\wnjvga.exe
        
        "C:\Windows\system32\wnjvga.exe"
        96⤵
        Drops file in System32 directory
        
        PID:1604
        
        C:\Windows\SysWOW64\wmftkxa.exe
        
        "C:\Windows\system32\wmftkxa.exe"
        97⤵
        Drops file in System32 directory
        
        PID:2592
        
        C:\Windows\SysWOW64\wppdxnp.exe
        
        "C:\Windows\system32\wppdxnp.exe"
        98⤵
        Drops file in System32 directory
        
        PID:2044
        
        C:\Windows\SysWOW64\wmdyqrc.exe
        
        "C:\Windows\system32\wmdyqrc.exe"
        99⤵
        Drops file in System32 directory
        
        PID:1420
        
        C:\Windows\SysWOW64\woxskhdf.exe
        
        "C:\Windows\system32\woxskhdf.exe"
        100⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\wowwbf.exe
        
        "C:\Windows\system32\wowwbf.exe"
        101⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woxskhdf.exe"
        101⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmdyqrc.exe"
        100⤵
        
        PID:2932
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wppdxnp.exe"
        99⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmftkxa.exe"
        98⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnjvga.exe"
        97⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxdtd.exe"
        96⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wecdui.exe"
        95⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whfeqj.exe"
        94⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmdnieb.exe"
        93⤵
        
        PID:404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjpub.exe"
        92⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfhwgmj.exe"
        91⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdtcixony.exe"
        90⤵
        
        PID:668
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwtvaq.exe"
        89⤵
        
        PID:336
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdqdrnc.exe"
        88⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wryoyp.exe"
        87⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyllik.exe"
        86⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfjsbf.exe"
        85⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wprhrrrt.exe"
        84⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsptrvne.exe"
        83⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wymbiplc.exe"
        82⤵
        
        PID:1132
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwpveahsy.exe"
        81⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpakv.exe"
        80⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwxsn.exe"
        79⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wywen.exe"
        78⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwjjph.exe"
        77⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuxosslab.exe"
        76⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsksue.exe"
        75⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuuobhx.exe"
        74⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtwjxrr.exe"
        73⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuffevys.exe"
        72⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpjejoqu.exe"
        71⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnwkmy.exe"
        70⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlvxulnuw.exe"
        69⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\witnewf.exe"
        68⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wixi.exe"
        67⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnfaxdktd.exe"
        66⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wusxj.exe"
        65⤵
        
        PID:1176
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbpfb.exe"
        64⤵
        
        PID:932
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpian.exe"
        63⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwuxyqmr.exe"
        62⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wisbhc.exe"
        61⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjpojfkpn.exe"
        60⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvmgyo.exe"
        59⤵
        
        PID:900
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whjjiap.exe"
        58⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnhryvo.exe"
        57⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsfyqon.exe"
        56⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wachijmv.exe"
        55⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 852
        55⤵
        Program crash
        
        PID:2308
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgapyfjt.exe"
        54⤵
        
        PID:2164
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqidprw.exe"
        53⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxglgmw.exe"
        52⤵
        
        PID:336
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnclgpcxr.exe"
        51⤵
        
        PID:600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsmcel.exe"
        50⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdw.exe"
        49⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkgpgsmx.exe"
        48⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrrn.exe"
        47⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsqx.exe"
        46⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whyiwt.exe"
        45⤵
        
        PID:404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbhnfrfwx.exe"
        44⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbjhb.exe"
        43⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wodbogcux.exe"
        42⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wejknsmng.exe"
        41⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whgvovhvq.exe"
        40⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 840
        40⤵
        Program crash
        
        PID:2568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrdyxi.exe"
        39⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wglkemadu.exe"
        38⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woxio.exe"
        37⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtvog.exe"
        36⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnnhmw.exe"
        35⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpaif.exe"
        34⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weismest.exe"
        33⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpqgbr.exe"
        32⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wahjwfa.exe"
        31⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcsyxemd.exe"
        30⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbhdaosiv.exe"
        29⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wauhcbx.exe"
        28⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxine.exe"
        27⤵
        
        PID:928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wagyf.exe"
        26⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcsa.exe"
        25⤵
        
        PID:964
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfakxumaw.exe"
        24⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnbmikr.exe"
        23⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxjax.exe"
        22⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjfegj.exe"
        21⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpoxeep.exe"
        20⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\welwfi.exe"
        19⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgxyx.exe"
        18⤵
        
        PID:968
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmxmdp.exe"
        17⤵
        
        PID:832
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwupmbd.exe"
        16⤵
        
        PID:912
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbtcmex.exe"
        15⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woclrj.exe"
        14⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weiwy.exe"
        13⤵
        
        PID:644
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsqig.exe"
        12⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpxjv.exe"
        11⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnwlx.exe"
        10⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlkpafq.exe"
        9⤵
        
        PID:276
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wicev.exe"
        8⤵
        
        PID:780
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlof.exe"
        7⤵
        
        PID:2172
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqqu.exe"
        6⤵
        
        PID:2224
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wspg.exe"
        5⤵
        
        PID:1248
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvcitx.exe"
      4⤵
      PID:2248
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnul.exe"
    3⤵
    PID:2408
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\58c9a81f103a38283dfd69749c0d1886dc9dfde5f633ec4b2a8f57f939c38f05.exe"
  2⤵
  - Deletes itself
  PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VTJSEMQ1.txt

Filesize
99B

MD5
a7c6dbf89bc8832d92fac77d5ca3b220

SHA1
c537c6949bc64d15730c4cd2e1f3c8770c3e3c93

SHA256
62d8298bee629fb47b5a17afca3b8fff36b668205bbe29fb6d3cda20df623d89

SHA512
cd35767a425f3bd5239175a3e6eb8bdc453b751ea329b94404e1ff3a129f1338d53c93fe1b75c0ba43615ac920be0fd350970ed1bac289520736319586484df4

Download Submit
C:\Windows\SysWOW64\wnul.exe

Filesize
447KB

MD5
e74ce4ac55bf0f0ec127c963891e9ee5

SHA1
c66da38bb81e2104cde53f4500c1f4db67da0d10

SHA256
651c437d89023d1efdd08f3c5cee92b1d01a794be3239cb40a84d30a963a5c1d

SHA512
e32bd09c4d7236751ff282ac8a7fb964d44b4f2d5e766eeca3b2a25aa4ad236e214f006a7ccbfed357f7e4982c9e120d03a053a1408c93adee2ea35af9282f9b

Download Submit
\Windows\SysWOW64\weiwy.exe

Filesize
447KB

MD5
a9c2ca05aa31fa11abd36089bebb976f

SHA1
1e51f674bd678cccf425f3188d100e2b07e12041

SHA256
d510b34713130bd7eed512dc671087c4123089a220fd2a1ece738c21ddfd2e65

SHA512
d172c9d9b6897fe7271b7f7acd01cd03e3948f3a695df8f336163ef47ab801bc68d31558f01d4526344dda517291006f3dd103a1432042f2b0f0f56cfb4cd66e

Download Submit
\Windows\SysWOW64\wicev.exe

Filesize
447KB

MD5
c337bbde347d19c3f3e67ee485b77ec5

SHA1
a52bd7ad66f7f9f6cec114052309d8c056c41dd0

SHA256
25cecd8525a4cfcc86d4e483716246bb18a24c54349e9469d22834cab4d48507

SHA512
fd7c6d62d0d4f2824e565651afc1e16868bfa5a28c5085ca22625c0874c70005bdadb1c9b12f66a38faa64214eeba165d1c3973b93cde90e988661531fd0b02e

Download Submit
\Windows\SysWOW64\wlkpafq.exe

Filesize
447KB

MD5
478e9a95c437409eafb8feb89777e262

SHA1
82c469c956c942d3c6db2617411462c4938617be

SHA256
beb7a386b7dd21612237817e2e9ffc86663da52eb8db1eceb395ce62ee9c75c8

SHA512
e13ff39e3f73ab8b26be133258c6aa7bede6c980a785641c977c492979f85d31853f7c223df0d088bd97a2c4eef4220b770cf8b1cff94bca4e511fb47d52f408

Download Submit
\Windows\SysWOW64\wlof.exe

Filesize
447KB

MD5
4b07ec9baab56490a9bb4fb27ceedf58

SHA1
22837209d26f607a075d92a33d2f52e3ad725184

SHA256
8dcbf9201f7db4df1f71da66feeea5f6ff0bd73408daa3425028e03febd8ad4a

SHA512
59c3b39531f240d3d66d834964a97af59832c11c4fc1109c88c086e48f9320c8d82f2ec9cfd0d20cd6e7bbcb953a2aab5f7a81babcd9d94ece8e713479dbb521

Download Submit
\Windows\SysWOW64\wnwlx.exe

Filesize
447KB

MD5
b9c60c7083f8d86b428257d83eead229

SHA1
c860bf407d7680b5fcea3f16082dbd4fdbf7d1a2

SHA256
d5bf3247f312143a840540a6d436d8135c69770b0602049246e6a9d03456f998

SHA512
a435260ff4fd8910a3eab5d8af9ab6a89ed440364eac54aed3b4fd5f6d60c33520b8b4573b7ddb1495cf91f0d414167e85a39556ac62307228afc8d007b1019c

Download Submit
\Windows\SysWOW64\wpxjv.exe

Filesize
447KB

MD5
e685603933f74a96fdfdb5e57d790c9e

SHA1
a723d90eb3413df64ff4991fc50d159079ff22cf

SHA256
f335c1bd3ec9eed98abd7d379f9b8881271d10f868957a32ceab96fca02ca872

SHA512
838fc61644626d5a6827ae2ef37831cbef7852e135ea26e51a3dcc0cff3040baa504129886005f6eb55b8ec3d267bb13b77e51e0f5d74a749db59ab7238f3f56

Download Submit
\Windows\SysWOW64\wqqu.exe

Filesize
447KB

MD5
15fde34e64dad711335902af437adbc4

SHA1
785e57129ff2a6f57f02db26e3ade2d3c92cf85e

SHA256
64edd7f244b5dd7d0bee74ac9cc7583b495d8ff2c37d0d8f6f2adf176b830ff5

SHA512
37a7d70d701d24be6afa58dcdd093ef1278ebcc47d6c0c04fd0805cb79635921594ae1dd8c4b6d30ea2ed690adb30f4e4be767021aab9d0c1ccfe8388159a845

Download Submit
\Windows\SysWOW64\wspg.exe

Filesize
447KB

MD5
fece2c84ae8aed70602b29b2d05e7f5e

SHA1
a832e513c300c9f914b6a0b144ffc0efc37dae80

SHA256
0a10454717a98394f744fce7c027b05b9f93d6b4ce1f36f10be5d47cc149f098

SHA512
db99de7254bc5e771d334de0fb8299db376c19dbf9a2d646f0f7422c05f52832e14cda2e9f3c4ce0e8e1c4a92c8ee6cde336a898785c7ca60050215b70d98d9b

Download Submit
\Windows\SysWOW64\wsqig.exe

Filesize
447KB

MD5
d720b8e63ebba2abf1b287a68eea3692

SHA1
e8c7fb7d5338e8d8621dc915f70dcaa1d0419ab6

SHA256
8c477da9535e62d7816935197a7515aa6980f0354c04b68c306fc8421a42e118

SHA512
f5977de1f6fdcabb4820a6a3985c5b943b13dcd339b440e3c4757b058759530ba533c342cae3fbe7a727459543942184a3c48aa0e5ce4bbe4527c03e893b7685

Download Submit
\Windows\SysWOW64\wvcitx.exe

Filesize
447KB

MD5
3f1b846b4292294ce6548d970f315bb3

SHA1
cdfd7066302c09ffd62dbdef1ce48ca6b23746bf

SHA256
168115ddc0a63237c364dc7a24f05839640a5c1eb059c030d797bcf8ec2c04df

SHA512
5da54340938076ab3606319b01441d9e8f8eb1364c8b5c5341d04e23b6f520a2acbf457e24d750114ba8d8a9c53a51ece74848e5d7e3adb60a2d8d444483d797

Download Submit
memory/344-260-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/344-273-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/708-144-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/708-126-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/892-363-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/892-348-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/892-356-0x00000000035B0000-0x00000000035CA000-memory.dmp

Filesize
104KB

Download
memory/892-357-0x00000000035B0000-0x00000000035CA000-memory.dmp

Filesize
104KB

Download
memory/1276-406-0x00000000024F0000-0x000000000250A000-memory.dmp

Filesize
104KB

Download
memory/1276-394-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1276-410-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1276-409-0x0000000002500000-0x000000000251A000-memory.dmp

Filesize
104KB

Download
memory/1276-408-0x0000000002500000-0x000000000251A000-memory.dmp

Filesize
104KB

Download
memory/1276-407-0x00000000024F0000-0x000000000250A000-memory.dmp

Filesize
104KB

Download
memory/1280-315-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1280-303-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1380-232-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1380-243-0x0000000003EE0000-0x0000000003EFA000-memory.dmp

Filesize
104KB

Download
memory/1380-245-0x0000000004020000-0x000000000403A000-memory.dmp

Filesize
104KB

Download
memory/1380-246-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1424-301-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1424-300-0x0000000000AF0000-0x0000000000B0A000-memory.dmp

Filesize
104KB

Download
memory/1540-349-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1540-347-0x0000000003F80000-0x0000000003F9A000-memory.dmp

Filesize
104KB

Download
memory/1540-346-0x0000000003F80000-0x0000000003F9A000-memory.dmp

Filesize
104KB

Download
memory/1540-345-0x0000000003F80000-0x0000000003F9A000-memory.dmp

Filesize
104KB

Download
memory/1540-333-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1700-423-0x0000000003E00000-0x0000000003E1A000-memory.dmp

Filesize
104KB

Download
memory/1700-424-0x0000000003E00000-0x0000000003E1A000-memory.dmp

Filesize
104KB

Download
memory/1700-422-0x0000000003E00000-0x0000000003E1A000-memory.dmp

Filesize
104KB

Download
memory/1700-425-0x0000000003E00000-0x0000000003E1A000-memory.dmp

Filesize
104KB

Download
memory/1952-18-0x0000000004030000-0x000000000404A000-memory.dmp

Filesize
104KB

Download
memory/1952-19-0x0000000004030000-0x000000000404A000-memory.dmp

Filesize
104KB

Download
memory/1952-7-0x0000000004030000-0x000000000404A000-memory.dmp

Filesize
104KB

Download
memory/1952-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1952-22-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2192-123-0x00000000033F0000-0x000000000340A000-memory.dmp

Filesize
104KB

Download
memory/2192-106-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2192-127-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2236-187-0x0000000002210000-0x000000000222A000-memory.dmp

Filesize
104KB

Download
memory/2236-168-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2236-180-0x0000000002200000-0x000000000221A000-memory.dmp

Filesize
104KB

Download
memory/2236-178-0x0000000002200000-0x000000000221A000-memory.dmp

Filesize
104KB

Download
memory/2236-190-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2236-188-0x0000000002210000-0x000000000222A000-memory.dmp

Filesize
104KB

Download
memory/2428-62-0x0000000003740000-0x000000000375A000-memory.dmp

Filesize
104KB

Download
memory/2428-61-0x0000000003740000-0x000000000375A000-memory.dmp

Filesize
104KB

Download
memory/2428-43-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2428-59-0x0000000003740000-0x000000000375A000-memory.dmp

Filesize
104KB

Download
memory/2428-60-0x0000000003740000-0x000000000375A000-memory.dmp

Filesize
104KB

Download
memory/2428-64-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2552-212-0x0000000002220000-0x000000000223A000-memory.dmp

Filesize
104KB

Download
memory/2552-211-0x0000000002220000-0x000000000223A000-memory.dmp

Filesize
104KB

Download
memory/2552-191-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2552-208-0x0000000002220000-0x000000000223A000-memory.dmp

Filesize
104KB

Download
memory/2552-214-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2552-210-0x0000000002220000-0x000000000223A000-memory.dmp

Filesize
104KB

Download
memory/2560-165-0x0000000002440000-0x000000000245A000-memory.dmp

Filesize
104KB

Download
memory/2560-146-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2560-164-0x0000000002440000-0x000000000245A000-memory.dmp

Filesize
104KB

Download
memory/2560-166-0x0000000002440000-0x000000000245A000-memory.dmp

Filesize
104KB

Download
memory/2560-167-0x0000000002440000-0x000000000245A000-memory.dmp

Filesize
104KB

Download
memory/2560-169-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2568-229-0x0000000002200000-0x000000000221A000-memory.dmp

Filesize
104KB

Download
memory/2568-302-0x00000000023D0000-0x00000000023EA000-memory.dmp

Filesize
104KB

Download
memory/2568-230-0x00000000023D0000-0x00000000023EA000-memory.dmp

Filesize
104KB

Download
memory/2568-231-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2584-105-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2596-393-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2596-380-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2640-21-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2640-41-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2648-378-0x00000000035D0000-0x00000000035EA000-memory.dmp

Filesize
104KB

Download
memory/2648-377-0x00000000035D0000-0x00000000035EA000-memory.dmp

Filesize
104KB

Download
memory/2648-381-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2648-364-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2648-379-0x00000000035E0000-0x00000000035FA000-memory.dmp

Filesize
104KB

Download
memory/2704-259-0x0000000003620000-0x000000000363A000-memory.dmp

Filesize
104KB

Download
memory/2704-258-0x0000000003620000-0x000000000363A000-memory.dmp

Filesize
104KB

Download
memory/2704-261-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2716-86-0x0000000003500000-0x000000000351A000-memory.dmp

Filesize
104KB

Download
memory/2716-84-0x0000000000B70000-0x0000000000B8A000-memory.dmp

Filesize
104KB

Download
memory/2716-83-0x0000000000B70000-0x0000000000B8A000-memory.dmp

Filesize
104KB

Download
memory/2716-88-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2716-66-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2716-85-0x0000000003500000-0x000000000351A000-memory.dmp

Filesize
104KB

Download
memory/2772-286-0x0000000003E30000-0x0000000003E4A000-memory.dmp

Filesize
104KB

Download
memory/2772-288-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2772-287-0x0000000003E30000-0x0000000003E4A000-memory.dmp

Filesize
104KB

Download
memory/2772-274-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3064-332-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3064-316-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3064-331-0x0000000003520000-0x000000000353A000-memory.dmp

Filesize
104KB

Download
memory/3064-330-0x0000000003520000-0x000000000353A000-memory.dmp

Filesize
104KB

Download
memory/3064-329-0x0000000003520000-0x000000000353A000-memory.dmp

Filesize
104KB

Download
memory/3064-328-0x0000000003520000-0x000000000353A000-memory.dmp

Filesize
104KB

Download