f7995cfdef2e3233fcc33a4beb14ba8d8a3b03371ec374ca94159abaf7fa7fef

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe
Size

92KB
MD5

091213e24bafc8bfbe4558f92bc5dd20
SHA1

4ab3800913ec093e6ed59b02e2478c1069c36949
SHA256

f7995cfdef2e3233fcc33a4beb14ba8d8a3b03371ec374ca94159abaf7fa7fef
SHA512

d7d34368b1953d5db22dc95ee1bb54d5c6f2dd1d812cc21b9f5a0fe7419f2e9209c2f477d4fdf33c5c9866bfda0e00aef1fab8753071a20b41f80073c8113f64
SSDEEP

768:wrGLctww30POw9mKv2oMumjeEgzHI/fCREC3rHvDUXM+GpcS63uHzbQsWGhM1xH7:xch3vwSbax3rHV6+HwsWGhG5JiBzQmVY

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2688	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
2944	wgvnny.exe
2692	wuyuw.exe
2084	wmg.exe
1608	wxbtuc.exe
2972	wsrxgk.exe
1064	wndomqie.exe
2792	whvtx.exe
552	wmtt.exe
2904	wbmc.exe
2028	wmqyich.exe
2244	wgjd.exe
808	wwqciyw.exe
1676	wwunr.exe
2376	wtw.exe
1412	wwahcp.exe
1668	weckux.exe
112	wkdomh.exe
2984	wjga.exe
1872	wii.exe
2996	wgam.exe
2868	wfexsf.exe
2328	whffs.exe
2344	woijlg.exe
1112	wyfehinx.exe
1712	whhiy.exe
2100	wfjsjqd.exe
2072	waqonxi.exe
2900	wged.exe
2080	wng.exe
1756	wusueyll.exe
2508	weffta.exe
1716	wdifm.exe
1588	wikie.exe
2164	wtgebkk.exe
1156	wwwcub.exe
1660	wylsctywh.exe
380	wutnh.exe
692	wrhjwbrn.exe
1528	wujqyra.exe
2708	wpqmdyd.exe
2124	wrtteqk.exe
2240	wuuafi.exe
2116	wxjsma.exe
2064	wylbm.exe
1772	whmef.exe
2172	wnbsej.exe
1444	wms.exe
1160	wpt.exe
1536	wwwfai.exe
2220	wuyrj.exe
2660	wbleir.exe
2464	wjnibb.exe
2316	wlffu.exe
1776	wnsxcjka.exe
264	wrjuwag.exe
1876	wsldvq.exe
3036	wwokxh.exe
1988	wur.exe
1160	wfehw.exe
1376	wlquvt.exe
2664	wptcwjcgn.exe
340	wjaw.exe
1564	wvxryrrf.exe
2940	woqwjagy.exe

Loads dropped DLL 64 IoCs

pid	Process
1868	091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe
1868	091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe
1868	091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe
1868	091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe
2944	wgvnny.exe
2944	wgvnny.exe
2944	wgvnny.exe
2944	wgvnny.exe
2692	wuyuw.exe
2692	wuyuw.exe
2692	wuyuw.exe
2692	wuyuw.exe
2084	wmg.exe
2084	wmg.exe
2084	wmg.exe
2084	wmg.exe
1608	wxbtuc.exe
1608	wxbtuc.exe
1608	wxbtuc.exe
1608	wxbtuc.exe
2972	wsrxgk.exe
2972	wsrxgk.exe
2972	wsrxgk.exe
2972	wsrxgk.exe
1064	wndomqie.exe
1064	wndomqie.exe
1064	wndomqie.exe
1064	wndomqie.exe
2792	whvtx.exe
2792	whvtx.exe
2792	whvtx.exe
2792	whvtx.exe
552	wmtt.exe
552	wmtt.exe
552	wmtt.exe
552	wmtt.exe
2904	wbmc.exe
2904	wbmc.exe
2904	wbmc.exe
2904	wbmc.exe
2028	wmqyich.exe
2028	wmqyich.exe
2028	wmqyich.exe
2028	wmqyich.exe
2244	wgjd.exe
2244	wgjd.exe
2244	wgjd.exe
2244	wgjd.exe
808	wwqciyw.exe
808	wwqciyw.exe
808	wwqciyw.exe
808	wwqciyw.exe
1676	wwunr.exe
1676	wwunr.exe
1676	wwunr.exe
1676	wwunr.exe
2376	wtw.exe
2376	wtw.exe
2376	wtw.exe
2376	wtw.exe
1412	wwahcp.exe
1412	wwahcp.exe
1412	wwahcp.exe
1412	wwahcp.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\wndomqie.exe	wsrxgk.exe
File created	C:\Windows\SysWOW64\wdifm.exe	weffta.exe
File opened for modification	C:\Windows\SysWOW64\wjqaps.exe	whn.exe
File opened for modification	C:\Windows\SysWOW64\wotuvj.exe	wkdxbs.exe
File opened for modification	C:\Windows\SysWOW64\waqonxi.exe	wfjsjqd.exe
File opened for modification	C:\Windows\SysWOW64\wfexsf.exe	wgam.exe
File created	C:\Windows\SysWOW64\wbkfkfa.exe	wodbogcux.exe
File created	C:\Windows\SysWOW64\wnirvg.exe	wcpgtiq.exe
File created	C:\Windows\SysWOW64\wqsbjv.exe	wnirvg.exe
File opened for modification	C:\Windows\SysWOW64\wfu.exe	wkooqtv.exe
File created	C:\Windows\SysWOW64\wjvqap.exe	wodln.exe
File opened for modification	C:\Windows\SysWOW64\wrrml.exe	woodk.exe
File created	C:\Windows\SysWOW64\weckux.exe	wwahcp.exe
File opened for modification	C:\Windows\SysWOW64\wyfehinx.exe	woijlg.exe
File created	C:\Windows\SysWOW64\wnbsej.exe	whmef.exe
File created	C:\Windows\SysWOW64\wms.exe	wnbsej.exe
File created	C:\Windows\SysWOW64\wjyxxk.exe	whhaetr.exe
File opened for modification	C:\Windows\SysWOW64\wfrko.exe	weerfpbjk.exe
File opened for modification	C:\Windows\SysWOW64\wwmdekv.exe	wwjsuk.exe
File opened for modification	C:\Windows\SysWOW64\wosdesi.exe	wlbej.exe
File created	C:\Windows\SysWOW64\wvgqdcdl.exe	wosdesi.exe
File created	C:\Windows\SysWOW64\wpcorpvr.exe	wpjmor.exe
File created	C:\Windows\SysWOW64\wuuafi.exe	wrtteqk.exe
File created	C:\Windows\SysWOW64\wxjsma.exe	wuuafi.exe
File created	C:\Windows\SysWOW64\wolqa.exe	wltsfn.exe
File created	C:\Windows\SysWOW64\wnbcdj.exe	woxrtjb.exe
File created	C:\Windows\SysWOW64\wohkibob.exe	wngch.exe
File opened for modification	C:\Windows\SysWOW64\wkdomh.exe	weckux.exe
File opened for modification	C:\Windows\SysWOW64\wjga.exe	wkdomh.exe
File created	C:\Windows\SysWOW64\wlffu.exe	wjnibb.exe
File created	C:\Windows\SysWOW64\wnsxcjka.exe	wlffu.exe
File created	C:\Windows\SysWOW64\wjaw.exe	wptcwjcgn.exe
File opened for modification	C:\Windows\SysWOW64\wolqa.exe	wltsfn.exe
File opened for modification	C:\Windows\SysWOW64\woodk.exe	wmbmdi.exe
File opened for modification	C:\Windows\SysWOW64\wchvulpo.exe	wvgqdcdl.exe
File opened for modification	C:\Windows\SysWOW64\wnmgoki.exe	wbkgfks.exe
File created	C:\Windows\SysWOW64\wjbrbbj.exe	wcodcsn.exe
File created	C:\Windows\SysWOW64\wfokla.exe	wdlcjjk.exe
File created	C:\Windows\SysWOW64\wutnh.exe	wylsctywh.exe
File opened for modification	C:\Windows\SysWOW64\wvxryrrf.exe	wjaw.exe
File opened for modification	C:\Windows\SysWOW64\wlbej.exe	wbfknb.exe
File opened for modification	C:\Windows\SysWOW64\wlxlrrdxj.exe	wbjnfk.exe
File created	C:\Windows\SysWOW64\wnxdvh.exe	wkvvup.exe
File created	C:\Windows\SysWOW64\wmbmdi.exe	woyasjg.exe
File opened for modification	C:\Windows\SysWOW64\whneojkv.exe	wwmdekv.exe
File opened for modification	C:\Windows\SysWOW64\wbqsgs.exe	whneojkv.exe
File opened for modification	C:\Windows\SysWOW64\whmef.exe	wylbm.exe
File created	C:\Windows\SysWOW64\wwwfai.exe	wpt.exe
File opened for modification	C:\Windows\SysWOW64\woypn.exe	wpvfdtsg.exe
File created	C:\Windows\SysWOW64\wqdmfv.exe	wbkfkfa.exe
File created	C:\Windows\SysWOW64\wnjvga.exe	wqrud.exe
File opened for modification	C:\Windows\SysWOW64\wusueyll.exe	wng.exe
File created	C:\Windows\SysWOW64\wylbm.exe	wxjsma.exe
File created	C:\Windows\SysWOW64\wguxql.exe	wattxc.exe
File created	C:\Windows\SysWOW64\whneojkv.exe	wwmdekv.exe
File opened for modification	C:\Windows\SysWOW64\wqoap.exe	wnxdvh.exe
File opened for modification	C:\Windows\SysWOW64\wdlcjjk.exe	wajtjrd.exe
File created	C:\Windows\SysWOW64\wsrxgk.exe	wxbtuc.exe
File created	C:\Windows\SysWOW64\wrhjwbrn.exe	wutnh.exe
File opened for modification	C:\Windows\SysWOW64\wlquvt.exe	wfehw.exe
File opened for modification	C:\Windows\SysWOW64\wsldvq.exe	wrjuwag.exe
File opened for modification	C:\Windows\SysWOW64\wpt.exe	wms.exe
File opened for modification	C:\Windows\SysWOW64\wefbans.exe	wssrkmsm.exe
File created	C:\Windows\SysWOW64\wyfehinx.exe	woijlg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2736	1756	WerFault.exe	115
2252	2064	WerFault.exe	158
2320	2108	WerFault.exe	234
2956	1032	WerFault.exe	272
1556	2676	WerFault.exe	288
1856	2172	WerFault.exe	431
2392	2892	WerFault.exe	462

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2944	1868	091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe	28
PID 1868 wrote to memory of 2944	1868	091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe	28
PID 1868 wrote to memory of 2944	1868	091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe	28
PID 1868 wrote to memory of 2944	1868	091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe	28
PID 1868 wrote to memory of 2688	1868	091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe	29
PID 1868 wrote to memory of 2688	1868	091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe	29
PID 1868 wrote to memory of 2688	1868	091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe	29
PID 1868 wrote to memory of 2688	1868	091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe	29
PID 2944 wrote to memory of 2692	2944	wgvnny.exe	31
PID 2944 wrote to memory of 2692	2944	wgvnny.exe	31
PID 2944 wrote to memory of 2692	2944	wgvnny.exe	31
PID 2944 wrote to memory of 2692	2944	wgvnny.exe	31
PID 2944 wrote to memory of 2852	2944	wgvnny.exe	32
PID 2944 wrote to memory of 2852	2944	wgvnny.exe	32
PID 2944 wrote to memory of 2852	2944	wgvnny.exe	32
PID 2944 wrote to memory of 2852	2944	wgvnny.exe	32
PID 2692 wrote to memory of 2084	2692	wuyuw.exe	34
PID 2692 wrote to memory of 2084	2692	wuyuw.exe	34
PID 2692 wrote to memory of 2084	2692	wuyuw.exe	34
PID 2692 wrote to memory of 2084	2692	wuyuw.exe	34
PID 2692 wrote to memory of 1788	2692	wuyuw.exe	35
PID 2692 wrote to memory of 1788	2692	wuyuw.exe	35
PID 2692 wrote to memory of 1788	2692	wuyuw.exe	35
PID 2692 wrote to memory of 1788	2692	wuyuw.exe	35
PID 2084 wrote to memory of 1608	2084	wmg.exe	37
PID 2084 wrote to memory of 1608	2084	wmg.exe	37
PID 2084 wrote to memory of 1608	2084	wmg.exe	37
PID 2084 wrote to memory of 1608	2084	wmg.exe	37
PID 2084 wrote to memory of 1552	2084	wmg.exe	38
PID 2084 wrote to memory of 1552	2084	wmg.exe	38
PID 2084 wrote to memory of 1552	2084	wmg.exe	38
PID 2084 wrote to memory of 1552	2084	wmg.exe	38
PID 1608 wrote to memory of 2972	1608	wxbtuc.exe	40
PID 1608 wrote to memory of 2972	1608	wxbtuc.exe	40
PID 1608 wrote to memory of 2972	1608	wxbtuc.exe	40
PID 1608 wrote to memory of 2972	1608	wxbtuc.exe	40
PID 1608 wrote to memory of 1932	1608	wxbtuc.exe	41
PID 1608 wrote to memory of 1932	1608	wxbtuc.exe	41
PID 1608 wrote to memory of 1932	1608	wxbtuc.exe	41
PID 1608 wrote to memory of 1932	1608	wxbtuc.exe	41
PID 2972 wrote to memory of 1064	2972	wsrxgk.exe	43
PID 2972 wrote to memory of 1064	2972	wsrxgk.exe	43
PID 2972 wrote to memory of 1064	2972	wsrxgk.exe	43
PID 2972 wrote to memory of 1064	2972	wsrxgk.exe	43
PID 2972 wrote to memory of 1092	2972	wsrxgk.exe	44
PID 2972 wrote to memory of 1092	2972	wsrxgk.exe	44
PID 2972 wrote to memory of 1092	2972	wsrxgk.exe	44
PID 2972 wrote to memory of 1092	2972	wsrxgk.exe	44
PID 1064 wrote to memory of 2792	1064	wndomqie.exe	46
PID 1064 wrote to memory of 2792	1064	wndomqie.exe	46
PID 1064 wrote to memory of 2792	1064	wndomqie.exe	46
PID 1064 wrote to memory of 2792	1064	wndomqie.exe	46
PID 1064 wrote to memory of 1328	1064	wndomqie.exe	47
PID 1064 wrote to memory of 1328	1064	wndomqie.exe	47
PID 1064 wrote to memory of 1328	1064	wndomqie.exe	47
PID 1064 wrote to memory of 1328	1064	wndomqie.exe	47
PID 2792 wrote to memory of 552	2792	whvtx.exe	49
PID 2792 wrote to memory of 552	2792	whvtx.exe	49
PID 2792 wrote to memory of 552	2792	whvtx.exe	49
PID 2792 wrote to memory of 552	2792	whvtx.exe	49
PID 2792 wrote to memory of 1052	2792	whvtx.exe	50
PID 2792 wrote to memory of 1052	2792	whvtx.exe	50
PID 2792 wrote to memory of 1052	2792	whvtx.exe	50
PID 2792 wrote to memory of 1052	2792	whvtx.exe	50

C:\Users\Admin\AppData\Local\Temp\091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\SysWOW64\wgvnny.exe
  "C:\Windows\system32\wgvnny.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2944
- - C:\Windows\SysWOW64\wuyuw.exe
    "C:\Windows\system32\wuyuw.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Windows\SysWOW64\wmg.exe
      "C:\Windows\system32\wmg.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2084
    - - C:\Windows\SysWOW64\wxbtuc.exe
        
        "C:\Windows\system32\wxbtuc.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1608
      - C:\Windows\SysWOW64\wsrxgk.exe
        
        "C:\Windows\system32\wsrxgk.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2972
        
        C:\Windows\SysWOW64\wndomqie.exe
        
        "C:\Windows\system32\wndomqie.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1064
        
        C:\Windows\SysWOW64\whvtx.exe
        
        "C:\Windows\system32\whvtx.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2792
        
        C:\Windows\SysWOW64\wmtt.exe
        
        "C:\Windows\system32\wmtt.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:552
        
        C:\Windows\SysWOW64\wbmc.exe
        
        "C:\Windows\system32\wbmc.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2904
        
        C:\Windows\SysWOW64\wmqyich.exe
        
        "C:\Windows\system32\wmqyich.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2028
        
        C:\Windows\SysWOW64\wgjd.exe
        
        "C:\Windows\system32\wgjd.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2244
        
        C:\Windows\SysWOW64\wwqciyw.exe
        
        "C:\Windows\system32\wwqciyw.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:808
        
        C:\Windows\SysWOW64\wwunr.exe
        
        "C:\Windows\system32\wwunr.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1676
        
        C:\Windows\SysWOW64\wtw.exe
        
        "C:\Windows\system32\wtw.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2376
        
        C:\Windows\SysWOW64\wwahcp.exe
        
        "C:\Windows\system32\wwahcp.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1412
        
        C:\Windows\SysWOW64\weckux.exe
        
        "C:\Windows\system32\weckux.exe"
        17⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1668
        
        C:\Windows\SysWOW64\wkdomh.exe
        
        "C:\Windows\system32\wkdomh.exe"
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:112
        
        C:\Windows\SysWOW64\wjga.exe
        
        "C:\Windows\system32\wjga.exe"
        19⤵
        Executes dropped EXE
        
        PID:2984
        
        C:\Windows\SysWOW64\wii.exe
        
        "C:\Windows\system32\wii.exe"
        20⤵
        Executes dropped EXE
        
        PID:1872
        
        C:\Windows\SysWOW64\wgam.exe
        
        "C:\Windows\system32\wgam.exe"
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2996
        
        C:\Windows\SysWOW64\wfexsf.exe
        
        "C:\Windows\system32\wfexsf.exe"
        22⤵
        Executes dropped EXE
        
        PID:2868
        
        C:\Windows\SysWOW64\whffs.exe
        
        "C:\Windows\system32\whffs.exe"
        23⤵
        Executes dropped EXE
        
        PID:2328
        
        C:\Windows\SysWOW64\woijlg.exe
        
        "C:\Windows\system32\woijlg.exe"
        24⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2344
        
        C:\Windows\SysWOW64\wyfehinx.exe
        
        "C:\Windows\system32\wyfehinx.exe"
        25⤵
        Executes dropped EXE
        
        PID:1112
        
        C:\Windows\SysWOW64\whhiy.exe
        
        "C:\Windows\system32\whhiy.exe"
        26⤵
        Executes dropped EXE
        
        PID:1712
        
        C:\Windows\SysWOW64\wfjsjqd.exe
        
        "C:\Windows\system32\wfjsjqd.exe"
        27⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2100
        
        C:\Windows\SysWOW64\waqonxi.exe
        
        "C:\Windows\system32\waqonxi.exe"
        28⤵
        Executes dropped EXE
        
        PID:2072
        
        C:\Windows\SysWOW64\wged.exe
        
        "C:\Windows\system32\wged.exe"
        29⤵
        Executes dropped EXE
        
        PID:2900
        
        C:\Windows\SysWOW64\wng.exe
        
        "C:\Windows\system32\wng.exe"
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2080
        
        C:\Windows\SysWOW64\wusueyll.exe
        
        "C:\Windows\system32\wusueyll.exe"
        31⤵
        Executes dropped EXE
        
        PID:1756
        
        C:\Windows\SysWOW64\weffta.exe
        
        "C:\Windows\system32\weffta.exe"
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2508
        
        C:\Windows\SysWOW64\wdifm.exe
        
        "C:\Windows\system32\wdifm.exe"
        33⤵
        Executes dropped EXE
        
        PID:1716
        
        C:\Windows\SysWOW64\wikie.exe
        
        "C:\Windows\system32\wikie.exe"
        34⤵
        Executes dropped EXE
        
        PID:1588
        
        C:\Windows\SysWOW64\wtgebkk.exe
        
        "C:\Windows\system32\wtgebkk.exe"
        35⤵
        Executes dropped EXE
        
        PID:2164
        
        C:\Windows\SysWOW64\wwwcub.exe
        
        "C:\Windows\system32\wwwcub.exe"
        36⤵
        Executes dropped EXE
        
        PID:1156
        
        C:\Windows\SysWOW64\wylsctywh.exe
        
        "C:\Windows\system32\wylsctywh.exe"
        37⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1660
        
        C:\Windows\SysWOW64\wutnh.exe
        
        "C:\Windows\system32\wutnh.exe"
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:380
        
        C:\Windows\SysWOW64\wrhjwbrn.exe
        
        "C:\Windows\system32\wrhjwbrn.exe"
        39⤵
        Executes dropped EXE
        
        PID:692
        
        C:\Windows\SysWOW64\wujqyra.exe
        
        "C:\Windows\system32\wujqyra.exe"
        40⤵
        Executes dropped EXE
        
        PID:1528
        
        C:\Windows\SysWOW64\wpqmdyd.exe
        
        "C:\Windows\system32\wpqmdyd.exe"
        41⤵
        Executes dropped EXE
        
        PID:2708
        
        C:\Windows\SysWOW64\wrtteqk.exe
        
        "C:\Windows\system32\wrtteqk.exe"
        42⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2124
        
        C:\Windows\SysWOW64\wuuafi.exe
        
        "C:\Windows\system32\wuuafi.exe"
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2240
        
        C:\Windows\SysWOW64\wxjsma.exe
        
        "C:\Windows\system32\wxjsma.exe"
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2116
        
        C:\Windows\SysWOW64\wylbm.exe
        
        "C:\Windows\system32\wylbm.exe"
        45⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2064
        
        C:\Windows\SysWOW64\whmef.exe
        
        "C:\Windows\system32\whmef.exe"
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1772
        
        C:\Windows\SysWOW64\wnbsej.exe
        
        "C:\Windows\system32\wnbsej.exe"
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2172
        
        C:\Windows\SysWOW64\wms.exe
        
        "C:\Windows\system32\wms.exe"
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1444
        
        C:\Windows\SysWOW64\wpt.exe
        
        "C:\Windows\system32\wpt.exe"
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1160
        
        C:\Windows\SysWOW64\wwwfai.exe
        
        "C:\Windows\system32\wwwfai.exe"
        50⤵
        Executes dropped EXE
        
        PID:1536
        
        C:\Windows\SysWOW64\wuyrj.exe
        
        "C:\Windows\system32\wuyrj.exe"
        51⤵
        Executes dropped EXE
        
        PID:2220
        
        C:\Windows\SysWOW64\wbleir.exe
        
        "C:\Windows\system32\wbleir.exe"
        52⤵
        Executes dropped EXE
        
        PID:2660
        
        C:\Windows\SysWOW64\wjnibb.exe
        
        "C:\Windows\system32\wjnibb.exe"
        53⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2464
        
        C:\Windows\SysWOW64\wlffu.exe
        
        "C:\Windows\system32\wlffu.exe"
        54⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2316
        
        C:\Windows\SysWOW64\wnsxcjka.exe
        
        "C:\Windows\system32\wnsxcjka.exe"
        55⤵
        Executes dropped EXE
        
        PID:1776
        
        C:\Windows\SysWOW64\wrjuwag.exe
        
        "C:\Windows\system32\wrjuwag.exe"
        56⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:264
        
        C:\Windows\SysWOW64\wsldvq.exe
        
        "C:\Windows\system32\wsldvq.exe"
        57⤵
        Executes dropped EXE
        
        PID:1876
        
        C:\Windows\SysWOW64\wwokxh.exe
        
        "C:\Windows\system32\wwokxh.exe"
        58⤵
        Executes dropped EXE
        
        PID:3036
        
        C:\Windows\SysWOW64\wur.exe
        
        "C:\Windows\system32\wur.exe"
        59⤵
        Executes dropped EXE
        
        PID:1988
        
        C:\Windows\SysWOW64\wfehw.exe
        
        "C:\Windows\system32\wfehw.exe"
        60⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1160
        
        C:\Windows\SysWOW64\wlquvt.exe
        
        "C:\Windows\system32\wlquvt.exe"
        61⤵
        Executes dropped EXE
        
        PID:1376
        
        C:\Windows\SysWOW64\wptcwjcgn.exe
        
        "C:\Windows\system32\wptcwjcgn.exe"
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2664
        
        C:\Windows\SysWOW64\wjaw.exe
        
        "C:\Windows\system32\wjaw.exe"
        63⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:340
        
        C:\Windows\SysWOW64\wvxryrrf.exe
        
        "C:\Windows\system32\wvxryrrf.exe"
        64⤵
        Executes dropped EXE
        
        PID:1564
        
        C:\Windows\SysWOW64\woqwjagy.exe
        
        "C:\Windows\system32\woqwjagy.exe"
        65⤵
        Executes dropped EXE
        
        PID:2940
        
        C:\Windows\SysWOW64\wewocc.exe
        
        "C:\Windows\system32\wewocc.exe"
        66⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\wmueet.exe
        
        "C:\Windows\system32\wmueet.exe"
        67⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\wshrcdf.exe
        
        "C:\Windows\system32\wshrcdf.exe"
        68⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\wfouybcd.exe
        
        "C:\Windows\system32\wfouybcd.exe"
        69⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\wedhnj.exe
        
        "C:\Windows\system32\wedhnj.exe"
        70⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\wxhvetc.exe
        
        "C:\Windows\system32\wxhvetc.exe"
        71⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\wcpgtiq.exe
        
        "C:\Windows\system32\wcpgtiq.exe"
        72⤵
        Drops file in System32 directory
        
        PID:1672
        
        C:\Windows\SysWOW64\wnirvg.exe
        
        "C:\Windows\system32\wnirvg.exe"
        73⤵
        Drops file in System32 directory
        
        PID:1112
        
        C:\Windows\SysWOW64\wqsbjv.exe
        
        "C:\Windows\system32\wqsbjv.exe"
        74⤵
        
        PID:264
        
        C:\Windows\SysWOW64\wglkemadu.exe
        
        "C:\Windows\system32\wglkemadu.exe"
        75⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\wxtj.exe
        
        "C:\Windows\system32\wxtj.exe"
        76⤵
        
        PID:692
        
        C:\Windows\SysWOW64\woosrve.exe
        
        "C:\Windows\system32\woosrve.exe"
        77⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\wbvtntal.exe
        
        "C:\Windows\system32\wbvtntal.exe"
        78⤵
        
        PID:848
        
        C:\Windows\SysWOW64\wroe.exe
        
        "C:\Windows\system32\wroe.exe"
        79⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\wexgei.exe
        
        "C:\Windows\system32\wexgei.exe"
        80⤵
        
        PID:872
        
        C:\Windows\SysWOW64\wodbogcux.exe
        
        "C:\Windows\system32\wodbogcux.exe"
        81⤵
        Drops file in System32 directory
        
        PID:1032
        
        C:\Windows\SysWOW64\wbkfkfa.exe
        
        "C:\Windows\system32\wbkfkfa.exe"
        82⤵
        Drops file in System32 directory
        
        PID:1504
        
        C:\Windows\SysWOW64\wqdmfv.exe
        
        "C:\Windows\system32\wqdmfv.exe"
        83⤵
        
        PID:792
        
        C:\Windows\SysWOW64\wxpcegh.exe
        
        "C:\Windows\system32\wxpcegh.exe"
        84⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\wesfvort.exe
        
        "C:\Windows\system32\wesfvort.exe"
        85⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\wmtinxdu.exe
        
        "C:\Windows\system32\wmtinxdu.exe"
        86⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\wsgwmgale.exe
        
        "C:\Windows\system32\wsgwmgale.exe"
        87⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\wvjfowh.exe
        
        "C:\Windows\system32\wvjfowh.exe"
        88⤵
        
        PID:972
        
        C:\Windows\SysWOW64\wubgqvyit.exe
        
        "C:\Windows\system32\wubgqvyit.exe"
        89⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\wcnupg.exe
        
        "C:\Windows\system32\wcnupg.exe"
        90⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\wipxio.exe
        
        "C:\Windows\system32\wipxio.exe"
        91⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\wkrghh.exe
        
        "C:\Windows\system32\wkrghh.exe"
        92⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\wntmjxvbe.exe
        
        "C:\Windows\system32\wntmjxvbe.exe"
        93⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\wlm.exe
        
        "C:\Windows\system32\wlm.exe"
        94⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\wpovmo.exe
        
        "C:\Windows\system32\wpovmo.exe"
        95⤵
        
        PID:892
        
        C:\Windows\SysWOW64\wirlfvv.exe
        
        "C:\Windows\system32\wirlfvv.exe"
        96⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\wltsfn.exe
        
        "C:\Windows\system32\wltsfn.exe"
        97⤵
        Drops file in System32 directory
        
        PID:772
        
        C:\Windows\SysWOW64\wolqa.exe
        
        "C:\Windows\system32\wolqa.exe"
        98⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\wqyigvrrl.exe
        
        "C:\Windows\system32\wqyigvrrl.exe"
        99⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\wqpjju.exe
        
        "C:\Windows\system32\wqpjju.exe"
        100⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\wssrkmsm.exe
        
        "C:\Windows\system32\wssrkmsm.exe"
        101⤵
        Drops file in System32 directory
        
        PID:1592
        
        C:\Windows\SysWOW64\wefbans.exe
        
        "C:\Windows\system32\wefbans.exe"
        102⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\whwmbaq.exe
        
        "C:\Windows\system32\whwmbaq.exe"
        103⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\woxrtjb.exe
        
        "C:\Windows\system32\woxrtjb.exe"
        104⤵
        Drops file in System32 directory
        
        PID:1788
        
        C:\Windows\SysWOW64\wnbcdj.exe
        
        "C:\Windows\system32\wnbcdj.exe"
        105⤵
        
        PID:264
        
        C:\Windows\SysWOW64\wudgvs.exe
        
        "C:\Windows\system32\wudgvs.exe"
        106⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\wbfknb.exe
        
        "C:\Windows\system32\wbfknb.exe"
        107⤵
        Drops file in System32 directory
        
        PID:2592
        
        C:\Windows\SysWOW64\wlbej.exe
        
        "C:\Windows\system32\wlbej.exe"
        108⤵
        Drops file in System32 directory
        
        PID:2552
        
        C:\Windows\SysWOW64\wosdesi.exe
        
        "C:\Windows\system32\wosdesi.exe"
        109⤵
        Drops file in System32 directory
        
        PID:2728
        
        C:\Windows\SysWOW64\wvgqdcdl.exe
        
        "C:\Windows\system32\wvgqdcdl.exe"
        110⤵
        Drops file in System32 directory
        
        PID:1592
        
        C:\Windows\SysWOW64\wchvulpo.exe
        
        "C:\Windows\system32\wchvulpo.exe"
        111⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\wbkgfks.exe
        
        "C:\Windows\system32\wbkgfks.exe"
        112⤵
        Drops file in System32 directory
        
        PID:2840
        
        C:\Windows\SysWOW64\wnmgoki.exe
        
        "C:\Windows\system32\wnmgoki.exe"
        113⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\wlorxk.exe
        
        "C:\Windows\system32\wlorxk.exe"
        114⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\wrqvos.exe
        
        "C:\Windows\system32\wrqvos.exe"
        115⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\wqthytab.exe
        
        "C:\Windows\system32\wqthytab.exe"
        116⤵
        
        PID:692
        
        C:\Windows\SysWOW64\wxvkqcld.exe
        
        "C:\Windows\system32\wxvkqcld.exe"
        117⤵
        
        PID:408
        
        C:\Windows\SysWOW64\wewpjlwf.exe
        
        "C:\Windows\system32\wewpjlwf.exe"
        118⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\whkgrdoh.exe
        
        "C:\Windows\system32\whkgrdoh.exe"
        119⤵
        
        PID:760
        
        C:\Windows\SysWOW64\wkooqtv.exe
        
        "C:\Windows\system32\wkooqtv.exe"
        120⤵
        Drops file in System32 directory
        
        PID:664
        
        C:\Windows\SysWOW64\wfu.exe
        
        "C:\Windows\system32\wfu.exe"
        121⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\whhaetr.exe
        
        "C:\Windows\system32\whhaetr.exe"
        122⤵
        Drops file in System32 directory
        
        PID:1404
        
        C:\Windows\SysWOW64\wjyxxk.exe
        
        "C:\Windows\system32\wjyxxk.exe"
        123⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\wmmpfc.exe
        
        "C:\Windows\system32\wmmpfc.exe"
        124⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\wler.exe
        
        "C:\Windows\system32\wler.exe"
        125⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\wkhcrbegy.exe
        
        "C:\Windows\system32\wkhcrbegy.exe"
        126⤵
        
        PID:684
        
        C:\Windows\SysWOW64\wpuqqk.exe
        
        "C:\Windows\system32\wpuqqk.exe"
        127⤵
        
        PID:708
        
        C:\Windows\SysWOW64\wxvuisl.exe
        
        "C:\Windows\system32\wxvuisl.exe"
        128⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\wyacjk.exe
        
        "C:\Windows\system32\wyacjk.exe"
        129⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\wxcotkvj.exe
        
        "C:\Windows\system32\wxcotkvj.exe"
        130⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\whn.exe
        
        "C:\Windows\system32\whn.exe"
        131⤵
        Drops file in System32 directory
        
        PID:848
        
        C:\Windows\SysWOW64\wjqaps.exe
        
        "C:\Windows\system32\wjqaps.exe"
        132⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\wtmumuuy.exe
        
        "C:\Windows\system32\wtmumuuy.exe"
        133⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\wjbprtox.exe
        
        "C:\Windows\system32\wjbprtox.exe"
        134⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\wbjnfk.exe
        
        "C:\Windows\system32\wbjnfk.exe"
        135⤵
        Drops file in System32 directory
        
        PID:1256
        
        C:\Windows\SysWOW64\wlxlrrdxj.exe
        
        "C:\Windows\system32\wlxlrrdxj.exe"
        136⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\wjlkap.exe
        
        "C:\Windows\system32\wjlkap.exe"
        137⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\wrigwv.exe
        
        "C:\Windows\system32\wrigwv.exe"
        138⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\wycvjegb.exe
        
        "C:\Windows\system32\wycvjegb.exe"
        139⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\wpvfdtsg.exe
        
        "C:\Windows\system32\wpvfdtsg.exe"
        140⤵
        Drops file in System32 directory
        
        PID:1528
        
        C:\Windows\SysWOW64\woypn.exe
        
        "C:\Windows\system32\woypn.exe"
        141⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\wfgoaivt.exe
        
        "C:\Windows\system32\wfgoaivt.exe"
        142⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\wykds.exe
        
        "C:\Windows\system32\wykds.exe"
        143⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\wodln.exe
        
        "C:\Windows\system32\wodln.exe"
        144⤵
        Drops file in System32 directory
        
        PID:2088
        
        C:\Windows\SysWOW64\wjvqap.exe
        
        "C:\Windows\system32\wjvqap.exe"
        145⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\whsntyi.exe
        
        "C:\Windows\system32\whsntyi.exe"
        146⤵
        
        PID:848
        
        C:\Windows\SysWOW64\wkvvup.exe
        
        "C:\Windows\system32\wkvvup.exe"
        147⤵
        Drops file in System32 directory
        
        PID:1560
        
        C:\Windows\SysWOW64\wnxdvh.exe
        
        "C:\Windows\system32\wnxdvh.exe"
        148⤵
        Drops file in System32 directory
        
        PID:1156
        
        C:\Windows\SysWOW64\wqoap.exe
        
        "C:\Windows\system32\wqoap.exe"
        149⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\wvcnnhoiy.exe
        
        "C:\Windows\system32\wvcnnhoiy.exe"
        150⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\weerfpbjk.exe
        
        "C:\Windows\system32\weerfpbjk.exe"
        151⤵
        Drops file in System32 directory
        
        PID:1320
        
        C:\Windows\SysWOW64\wfrko.exe
        
        "C:\Windows\system32\wfrko.exe"
        152⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\wrrkwig.exe
        
        "C:\Windows\system32\wrrkwig.exe"
        153⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\wxfyurd.exe
        
        "C:\Windows\system32\wxfyurd.exe"
        154⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\wfhdnbp.exe
        
        "C:\Windows\system32\wfhdnbp.exe"
        155⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\wixahqltv.exe
        
        "C:\Windows\system32\wixahqltv.exe"
        156⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\wlbiiitgp.exe
        
        "C:\Windows\system32\wlbiiitgp.exe"
        157⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\woeoiyas.exe
        
        "C:\Windows\system32\woeoiyas.exe"
        158⤵
        
        PID:876
        
        C:\Windows\SysWOW64\wxakgbl.exe
        
        "C:\Windows\system32\wxakgbl.exe"
        159⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\wxslibevp.exe
        
        "C:\Windows\system32\wxslibevp.exe"
        160⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\weupbjox.exe
        
        "C:\Windows\system32\weupbjox.exe"
        161⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\wlicy.exe
        
        "C:\Windows\system32\wlicy.exe"
        162⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\woyasjg.exe
        
        "C:\Windows\system32\woyasjg.exe"
        163⤵
        Drops file in System32 directory
        
        PID:2936
        
        C:\Windows\SysWOW64\wmbmdi.exe
        
        "C:\Windows\system32\wmbmdi.exe"
        164⤵
        Drops file in System32 directory
        
        PID:1644
        
        C:\Windows\SysWOW64\woodk.exe
        
        "C:\Windows\system32\woodk.exe"
        165⤵
        Drops file in System32 directory
        
        PID:2628
        
        C:\Windows\SysWOW64\wrrml.exe
        
        "C:\Windows\system32\wrrml.exe"
        166⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\wpjmor.exe
        
        "C:\Windows\system32\wpjmor.exe"
        167⤵
        Drops file in System32 directory
        
        PID:340
        
        C:\Windows\SysWOW64\wpcorpvr.exe
        
        "C:\Windows\system32\wpcorpvr.exe"
        168⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\wbnxhq.exe
        
        "C:\Windows\system32\wbnxhq.exe"
        169⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\whamfbr.exe
        
        "C:\Windows\system32\whamfbr.exe"
        170⤵
        
        PID:540
        
        C:\Windows\SysWOW64\wkrkaqoly.exe
        
        "C:\Windows\system32\wkrkaqoly.exe"
        171⤵
        
        PID:792
        
        C:\Windows\SysWOW64\wngch.exe
        
        "C:\Windows\system32\wngch.exe"
        172⤵
        Drops file in System32 directory
        
        PID:948
        
        C:\Windows\SysWOW64\wohkibob.exe
        
        "C:\Windows\system32\wohkibob.exe"
        173⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\wattxc.exe
        
        "C:\Windows\system32\wattxc.exe"
        174⤵
        Drops file in System32 directory
        
        PID:2352
        
        C:\Windows\SysWOW64\wguxql.exe
        
        "C:\Windows\system32\wguxql.exe"
        175⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\wcodcsn.exe
        
        "C:\Windows\system32\wcodcsn.exe"
        176⤵
        Drops file in System32 directory
        
        PID:324
        
        C:\Windows\SysWOW64\wjbrbbj.exe
        
        "C:\Windows\system32\wjbrbbj.exe"
        177⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\wkdxbs.exe
        
        "C:\Windows\system32\wkdxbs.exe"
        178⤵
        Drops file in System32 directory
        
        PID:1620
        
        C:\Windows\SysWOW64\wotuvj.exe
        
        "C:\Windows\system32\wotuvj.exe"
        179⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\wuhkus.exe
        
        "C:\Windows\system32\wuhkus.exe"
        180⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\wwjsuk.exe
        
        "C:\Windows\system32\wwjsuk.exe"
        181⤵
        Drops file in System32 directory
        
        PID:1572
        
        C:\Windows\SysWOW64\wwmdekv.exe
        
        "C:\Windows\system32\wwmdekv.exe"
        182⤵
        Drops file in System32 directory
        
        PID:2148
        
        C:\Windows\SysWOW64\whneojkv.exe
        
        "C:\Windows\system32\whneojkv.exe"
        183⤵
        Drops file in System32 directory
        
        PID:2020
        
        C:\Windows\SysWOW64\wbqsgs.exe
        
        "C:\Windows\system32\wbqsgs.exe"
        184⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\wajtjrd.exe
        
        "C:\Windows\system32\wajtjrd.exe"
        185⤵
        Drops file in System32 directory
        
        PID:2776
        
        C:\Windows\SysWOW64\wdlcjjk.exe
        
        "C:\Windows\system32\wdlcjjk.exe"
        186⤵
        Drops file in System32 directory
        
        PID:1424
        
        C:\Windows\SysWOW64\wfokla.exe
        
        "C:\Windows\system32\wfokla.exe"
        187⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\wiprl.exe
        
        "C:\Windows\system32\wiprl.exe"
        188⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\wqrud.exe
        
        "C:\Windows\system32\wqrud.exe"
        189⤵
        Drops file in System32 directory
        
        PID:1800
        
        C:\Windows\SysWOW64\wnjvga.exe
        
        "C:\Windows\system32\wnjvga.exe"
        190⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\wyuhwbcss.exe
        
        "C:\Windows\system32\wyuhwbcss.exe"
        191⤵
        
        PID:684
        
        C:\Windows\SysWOW64\wcyowrke.exe
        
        "C:\Windows\system32\wcyowrke.exe"
        192⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\wfbvxjs.exe
        
        "C:\Windows\system32\wfbvxjs.exe"
        193⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcyowrke.exe"
        193⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyuhwbcss.exe"
        192⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnjvga.exe"
        191⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqrud.exe"
        190⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiprl.exe"
        189⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfokla.exe"
        188⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdlcjjk.exe"
        187⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wajtjrd.exe"
        186⤵
        
        PID:792
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbqsgs.exe"
        185⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whneojkv.exe"
        184⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwmdekv.exe"
        183⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwjsuk.exe"
        182⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuhkus.exe"
        181⤵
        
        PID:824
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wotuvj.exe"
        180⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkdxbs.exe"
        179⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjbrbbj.exe"
        178⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcodcsn.exe"
        177⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wguxql.exe"
        176⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wattxc.exe"
        175⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wohkibob.exe"
        174⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wngch.exe"
        173⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkrkaqoly.exe"
        172⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whamfbr.exe"
        171⤵
        
        PID:556
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbnxhq.exe"
        170⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpcorpvr.exe"
        169⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpjmor.exe"
        168⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrrml.exe"
        167⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woodk.exe"
        166⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmbmdi.exe"
        165⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woyasjg.exe"
        164⤵
        
        PID:556
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlicy.exe"
        163⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weupbjox.exe"
        162⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxslibevp.exe"
        161⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxakgbl.exe"
        160⤵
        
        PID:332
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woeoiyas.exe"
        159⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlbiiitgp.exe"
        158⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wixahqltv.exe"
        157⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfhdnbp.exe"
        156⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxfyurd.exe"
        155⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrrkwig.exe"
        154⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfrko.exe"
        153⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weerfpbjk.exe"
        152⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvcnnhoiy.exe"
        151⤵
        
        PID:552
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqoap.exe"
        150⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnxdvh.exe"
        149⤵
        
        PID:540
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkvvup.exe"
        148⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whsntyi.exe"
        147⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjvqap.exe"
        146⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wodln.exe"
        145⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wykds.exe"
        144⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 784
        144⤵
        Program crash
        
        PID:2392
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfgoaivt.exe"
        143⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woypn.exe"
        142⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpvfdtsg.exe"
        141⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wycvjegb.exe"
        140⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrigwv.exe"
        139⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjlkap.exe"
        138⤵
        
        PID:1412
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlxlrrdxj.exe"
        137⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbjnfk.exe"
        136⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjbprtox.exe"
        135⤵
        
        PID:760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtmumuuy.exe"
        134⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 180
        134⤵
        Program crash
        
        PID:1856
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjqaps.exe"
        133⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whn.exe"
        132⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxcotkvj.exe"
        131⤵
        
        PID:1116
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyacjk.exe"
        130⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxvuisl.exe"
        129⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpuqqk.exe"
        128⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkhcrbegy.exe"
        127⤵
        
        PID:1512
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wler.exe"
        126⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmmpfc.exe"
        125⤵
        
        PID:496
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjyxxk.exe"
        124⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whhaetr.exe"
        123⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfu.exe"
        122⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkooqtv.exe"
        121⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whkgrdoh.exe"
        120⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wewpjlwf.exe"
        119⤵
        
        PID:788
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxvkqcld.exe"
        118⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqthytab.exe"
        117⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrqvos.exe"
        116⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlorxk.exe"
        115⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnmgoki.exe"
        114⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbkgfks.exe"
        113⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wchvulpo.exe"
        112⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvgqdcdl.exe"
        111⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wosdesi.exe"
        110⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlbej.exe"
        109⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbfknb.exe"
        108⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wudgvs.exe"
        107⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnbcdj.exe"
        106⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woxrtjb.exe"
        105⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whwmbaq.exe"
        104⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wefbans.exe"
        103⤵
        
        PID:680
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wssrkmsm.exe"
        102⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqpjju.exe"
        101⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqyigvrrl.exe"
        100⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wolqa.exe"
        99⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wltsfn.exe"
        98⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wirlfvv.exe"
        97⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpovmo.exe"
        96⤵
        
        PID:1232
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlm.exe"
        95⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wntmjxvbe.exe"
        94⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkrghh.exe"
        93⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wipxio.exe"
        92⤵
        
        PID:2672
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcnupg.exe"
        91⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wubgqvyit.exe"
        90⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvjfowh.exe"
        89⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsgwmgale.exe"
        88⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmtinxdu.exe"
        87⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 180
        87⤵
        Program crash
        
        PID:1556
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wesfvort.exe"
        86⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxpcegh.exe"
        85⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqdmfv.exe"
        84⤵
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbkfkfa.exe"
        83⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wodbogcux.exe"
        82⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 180
        82⤵
        Program crash
        
        PID:2956
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wexgei.exe"
        81⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wroe.exe"
        80⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbvtntal.exe"
        79⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woosrve.exe"
        78⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxtj.exe"
        77⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wglkemadu.exe"
        76⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqsbjv.exe"
        75⤵
        
        PID:792
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnirvg.exe"
        74⤵
        
        PID:540
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcpgtiq.exe"
        73⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxhvetc.exe"
        72⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wedhnj.exe"
        71⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfouybcd.exe"
        70⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 180
        70⤵
        Program crash
        
        PID:2320
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wshrcdf.exe"
        69⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmueet.exe"
        68⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wewocc.exe"
        67⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woqwjagy.exe"
        66⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvxryrrf.exe"
        65⤵
        
        PID:664
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjaw.exe"
        64⤵
        
        PID:484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wptcwjcgn.exe"
        63⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlquvt.exe"
        62⤵
        
        PID:684
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfehw.exe"
        61⤵
        
        PID:2448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wur.exe"
        60⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwokxh.exe"
        59⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsldvq.exe"
        58⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrjuwag.exe"
        57⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnsxcjka.exe"
        56⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlffu.exe"
        55⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjnibb.exe"
        54⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbleir.exe"
        53⤵
        
        PID:1792
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuyrj.exe"
        52⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwwfai.exe"
        51⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpt.exe"
        50⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wms.exe"
        49⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnbsej.exe"
        48⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whmef.exe"
        47⤵
        
        PID:1228
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wylbm.exe"
        46⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 852
        46⤵
        Program crash
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxjsma.exe"
        45⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuuafi.exe"
        44⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrtteqk.exe"
        43⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpqmdyd.exe"
        42⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wujqyra.exe"
        41⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrhjwbrn.exe"
        40⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wutnh.exe"
        39⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wylsctywh.exe"
        38⤵
        
        PID:896
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwwcub.exe"
        37⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtgebkk.exe"
        36⤵
        
        PID:768
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wikie.exe"
        35⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdifm.exe"
        34⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weffta.exe"
        33⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wusueyll.exe"
        32⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 180
        32⤵
        Program crash
        
        PID:2736
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wng.exe"
        31⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wged.exe"
        30⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waqonxi.exe"
        29⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfjsjqd.exe"
        28⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whhiy.exe"
        27⤵
        
        PID:348
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyfehinx.exe"
        26⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woijlg.exe"
        25⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whffs.exe"
        24⤵
        
        PID:344
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfexsf.exe"
        23⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgam.exe"
        22⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wii.exe"
        21⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjga.exe"
        20⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkdomh.exe"
        19⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weckux.exe"
        18⤵
        
        PID:832
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwahcp.exe"
        17⤵
        
        PID:1600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtw.exe"
        16⤵
        
        PID:892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwunr.exe"
        15⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwqciyw.exe"
        14⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgjd.exe"
        13⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmqyich.exe"
        12⤵
        
        PID:1460
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbmc.exe"
        11⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmtt.exe"
        10⤵
        
        PID:2576
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whvtx.exe"
        9⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wndomqie.exe"
        8⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsrxgk.exe"
        7⤵
        
        PID:1092
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxbtuc.exe"
        6⤵
        
        PID:1932
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmg.exe"
        5⤵
        
        PID:1552
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuyuw.exe"
      4⤵
      PID:1788
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgvnny.exe"
    3⤵
    PID:2852
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\091213e24bafc8bfbe4558f92bc5dd20_NeikiAnalytics.exe"
  2⤵
  - Deletes itself
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4SU9U0TV.txt

Filesize
98B

MD5
08fd96ca11d55ded4c59231b635e26f6

SHA1
17e466ab712761137f58014393eb732e0cca154d

SHA256
5e010c2bfab737816c1c546033783e5be0f72dac3d8cb98db47c5b10a29f88b1

SHA512
778a8411aece989083d82be5213be9b10ce112817df018ee79f770db800e036d06e7f69299c783ac12a9414e418b1b56934d2de17fb2184bd4e6610083deca93

Download Submit
\Windows\SysWOW64\wbmc.exe

Filesize
92KB

MD5
265369ddb35eb6e26d57030fabfd50c6

SHA1
369cd09f5087cdcd47847d8883e82284a4c28dd3

SHA256
ddbc574745a35dc8fae0ba8ca0e8d2ef3727b08bad112e6816cb7e56b2abae35

SHA512
0580f51bbf347f08a407d3e9a5c2b038ac434bc8dea9e8855f218d048bab9c69e37e785646cd37a62e140fd1c1523c184ae3b98bdd6d83b8428817cd107218c6

Download Submit
\Windows\SysWOW64\wgjd.exe

Filesize
92KB

MD5
e6e6f6658e91a15a45a09e3c8efee5fb

SHA1
6b8263f2d7582fb75ba537e3c394b7eb57cf527d

SHA256
217f9c9a13fd89d78ab6d00b6ff106a2648ed63955258b364e2947c55659dd9f

SHA512
030093e1bb9d2efba642284defa71dc985a58748a483f1e198877c55ccff0c0fe77de84496cbfe76c129c29e53a2dba1cfd5e0dcc7e166fd37ab4f88db20ae25

Download Submit
\Windows\SysWOW64\wgvnny.exe

Filesize
92KB

MD5
17604f65cc797c09cc47b99b0c4ce0e1

SHA1
1cd0b218ea7935dea69dea9e47cd37ed4a782c1b

SHA256
7b40c1e189e370a11516fae7d457c5c4c616463d6d7cbd68c01e1361ec539c45

SHA512
59066cd005b4192d298a06632947e501cfc950a6c0f62db6d0e48ee618de6c6cfcd1da1dfa8ea321c5faa8ab7d179589408b2c9dea0ef77db20a94b54ab6af94

Download Submit
\Windows\SysWOW64\whvtx.exe

Filesize
92KB

MD5
e755e0f1e52756226e7441c3cfd07b2c

SHA1
43a6447f32e156afdf8d466f5693e3ff854b02fe

SHA256
c3690b02ad1749624ac7a959c9d960295a97eddf144855c7d0a4ab075d21965e

SHA512
4337068adce0625206b9fe8b2b3e0001d156d5fbc1714f9f026e8388eda440b6503ddeddb25106028c86c91dd5303806b44cfebe74ba0753b7e69dd84cd30817

Download Submit
\Windows\SysWOW64\wmg.exe

Filesize
92KB

MD5
104efa9689698823722963b059d717a9

SHA1
79daf704c7a010856d1123ceacbf29a87ffbadb9

SHA256
34ad0774c04fe24c010f5285a654f7c2edbc9c1b98a8501b06c28a1a84b37e55

SHA512
722f049299aeb25fbb05068244ced22ed96f1d8ef85c1a441176343b6b45261a463580e72bebe72c174355d3e4783f9f480efbfae503fbbd649bcdec5da79ef7

Download Submit
\Windows\SysWOW64\wmqyich.exe

Filesize
92KB

MD5
7bc949f32c8e8abc6e122fb230f4b01d

SHA1
5e995991dac4ff6d815f6a53c1650ed1057a0e7c

SHA256
4e8de1b4cac35a7d21b7f2aa7b8cb0580e5dae1aad9e37c983ceb58d66fbf0c7

SHA512
50eb7f4da90c30850b6bf87920908a5b009d37b69518b437ccc3498c962be8681b4f6d9589128077b3158e062a1e16e90b356811adeca10fc2775bcf3e768748

Download Submit
\Windows\SysWOW64\wmtt.exe

Filesize
92KB

MD5
1528b6c0ac542cb22d02dd9e69513037

SHA1
41dfe17f54dca900f108bf20ea350c6641ec5c3c

SHA256
9247190a94f30172be24f0bc6dc724b3de46b817e5d2b47baeeb2151cbcfb7e0

SHA512
2dd1960f4d974e57f4b701f971afc4d21fedee485a19f6adf7cabd30aee157bdc24559fa3b37dd22d46b1151955dd5370262f7e4bb99070e39d7f3e33a963ba7

Download Submit
\Windows\SysWOW64\wndomqie.exe

Filesize
92KB

MD5
35fdae2af71ac72554363668ab46d7e4

SHA1
e9706a57590b525c2000f192466a1ed9b47a427a

SHA256
9201a8d3f3dba69e7bc5ea415929f4066893f57dba8cd46a931be89da8687eb8

SHA512
bab458ceb181dfafb26fa1163504803e405db56120041f06f594187d1f1b510f5fe205a363cf2d0e5a55d71c915d248c61dbd88934f537d8faf4687df29f088f

Download Submit
\Windows\SysWOW64\wsrxgk.exe

Filesize
92KB

MD5
b9d71ca78d28cba3c1ffec42f69e63b1

SHA1
885d0421c8d506ea3807725a617720a9f44590a9

SHA256
856562ac28ccfd70e154b832f4cad0fc17e788e08756c1d25cfda05b72978225

SHA512
cad223706f3c0ee14e78bf596ba9290f8707d774defe006a13f9ad3c7cce2922d4da408ffeb2802eb47c6544d4c19b3e043056550de40b0771e0e2ce0cf4e3ed

Download Submit
\Windows\SysWOW64\wuyuw.exe

Filesize
92KB

MD5
6f7d92af24b6902e45f811275ec5ef08

SHA1
3ac3cd65be6a25dc2e79aa0adedbe4d27e75afae

SHA256
faa401c19f227afedd0ba4d511b3a02b29b9762bb69b399012ad5d4899cd28bc

SHA512
2bce6a7708264f871163289b24a0a689454f37efae90dce514b28408a77c97194ea6c76d64dd1014ed25636faf770e736931e9dab279105368002b5e84764aa5

Download Submit
\Windows\SysWOW64\wxbtuc.exe

Filesize
92KB

MD5
10f2c6bed55b15d0f9f2382830dd7f3a

SHA1
c5ce9aea603bc2a8dcddefcc24111b549d782339

SHA256
730fed204bed3255b81abd0108261857785d20ff04a986d4b8f121951cd60f00

SHA512
096ce20149f8298d77056ba53fe8ff235c5d4ae154c830a9647dfef8202186d75bb3c7a00395409d150a928831474f1769f9b6420e80156e3b8e0e4c623d4bfd

Download Submit
memory/112-342-0x0000000003550000-0x0000000003567000-memory.dmp

Filesize
92KB

Download
memory/112-340-0x0000000003540000-0x0000000003557000-memory.dmp

Filesize
92KB

Download
memory/112-341-0x0000000003550000-0x0000000003567000-memory.dmp

Filesize
92KB

Download
memory/112-343-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/112-327-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/552-197-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/552-192-0x00000000040D0000-0x00000000040E7000-memory.dmp

Filesize
92KB

Download
memory/552-193-0x0000000004130000-0x0000000004147000-memory.dmp

Filesize
92KB

Download
memory/552-194-0x0000000004130000-0x0000000004147000-memory.dmp

Filesize
92KB

Download
memory/552-174-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/808-266-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1064-131-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1064-149-0x0000000004040000-0x0000000004057000-memory.dmp

Filesize
92KB

Download
memory/1064-138-0x0000000004040000-0x0000000004057000-memory.dmp

Filesize
92KB

Download
memory/1064-153-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1412-310-0x00000000021A0000-0x00000000021B7000-memory.dmp

Filesize
92KB

Download
memory/1412-311-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1412-297-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1608-109-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1608-105-0x00000000036B0000-0x00000000036C7000-memory.dmp

Filesize
92KB

Download
memory/1608-87-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1608-99-0x00000000036B0000-0x00000000036C7000-memory.dmp

Filesize
92KB

Download
memory/1608-106-0x00000000036B0000-0x00000000036C7000-memory.dmp

Filesize
92KB

Download
memory/1668-326-0x0000000003EE0000-0x0000000003EF7000-memory.dmp

Filesize
92KB

Download
memory/1668-312-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1668-328-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1668-325-0x0000000003EE0000-0x0000000003EF7000-memory.dmp

Filesize
92KB

Download
memory/1668-324-0x0000000003EE0000-0x0000000003EF7000-memory.dmp

Filesize
92KB

Download
memory/1676-282-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1676-281-0x0000000003E40000-0x0000000003E57000-memory.dmp

Filesize
92KB

Download
memory/1676-280-0x0000000003E40000-0x0000000003E57000-memory.dmp

Filesize
92KB

Download
memory/1676-279-0x0000000003D10000-0x0000000003D27000-memory.dmp

Filesize
92KB

Download
memory/1676-267-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1868-20-0x0000000002380000-0x0000000002397000-memory.dmp

Filesize
92KB

Download
memory/1868-24-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1868-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1868-12-0x0000000002380000-0x0000000002397000-memory.dmp

Filesize
92KB

Download
memory/1868-6-0x0000000002380000-0x0000000002397000-memory.dmp

Filesize
92KB

Download
memory/1868-19-0x0000000002380000-0x0000000002397000-memory.dmp

Filesize
92KB

Download
memory/1872-357-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1872-370-0x0000000003CF0000-0x0000000003D07000-memory.dmp

Filesize
92KB

Download
memory/1872-372-0x0000000003CF0000-0x0000000003D07000-memory.dmp

Filesize
92KB

Download
memory/1872-371-0x0000000003CF0000-0x0000000003D07000-memory.dmp

Filesize
92KB

Download
memory/1872-369-0x0000000003CF0000-0x0000000003D07000-memory.dmp

Filesize
92KB

Download
memory/1872-373-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2028-235-0x0000000003EE0000-0x0000000003EF7000-memory.dmp

Filesize
92KB

Download
memory/2028-219-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2028-239-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2028-237-0x0000000003EE0000-0x0000000003EF7000-memory.dmp

Filesize
92KB

Download
memory/2028-236-0x0000000003EE0000-0x0000000003EF7000-memory.dmp

Filesize
92KB

Download
memory/2084-86-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2084-81-0x00000000032D0000-0x00000000032E7000-memory.dmp

Filesize
92KB

Download
memory/2084-63-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2084-82-0x00000000032D0000-0x00000000032E7000-memory.dmp

Filesize
92KB

Download
memory/2084-84-0x0000000003570000-0x0000000003587000-memory.dmp

Filesize
92KB

Download
memory/2084-83-0x0000000003570000-0x0000000003587000-memory.dmp

Filesize
92KB

Download
memory/2244-254-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2244-253-0x0000000003EE0000-0x0000000003EF7000-memory.dmp

Filesize
92KB

Download
memory/2244-248-0x0000000003EE0000-0x0000000003EF7000-memory.dmp

Filesize
92KB

Download
memory/2244-249-0x0000000003EE0000-0x0000000003EF7000-memory.dmp

Filesize
92KB

Download
memory/2244-238-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2376-294-0x0000000002310000-0x0000000002327000-memory.dmp

Filesize
92KB

Download
memory/2376-298-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2376-296-0x0000000002310000-0x0000000002327000-memory.dmp

Filesize
92KB

Download
memory/2376-295-0x0000000002310000-0x0000000002327000-memory.dmp

Filesize
92KB

Download
memory/2692-64-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2692-44-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2692-55-0x0000000003370000-0x0000000003387000-memory.dmp

Filesize
92KB

Download
memory/2792-175-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2792-151-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2792-169-0x0000000003BB0000-0x0000000003BC7000-memory.dmp

Filesize
92KB

Download
memory/2792-170-0x0000000003BB0000-0x0000000003BC7000-memory.dmp

Filesize
92KB

Download
memory/2792-171-0x0000000003BB0000-0x0000000003BC7000-memory.dmp

Filesize
92KB

Download
memory/2792-172-0x0000000003BB0000-0x0000000003BC7000-memory.dmp

Filesize
92KB

Download
memory/2868-390-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2868-403-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2868-402-0x00000000021C0000-0x00000000021D7000-memory.dmp

Filesize
92KB

Download
memory/2904-218-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2904-216-0x00000000022F0000-0x0000000002307000-memory.dmp

Filesize
92KB

Download
memory/2904-215-0x00000000022F0000-0x0000000002307000-memory.dmp

Filesize
92KB

Download
memory/2904-214-0x00000000022F0000-0x0000000002307000-memory.dmp

Filesize
92KB

Download
memory/2904-196-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2944-23-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2944-43-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2972-127-0x0000000003510000-0x0000000003527000-memory.dmp

Filesize
92KB

Download
memory/2972-126-0x0000000003510000-0x0000000003527000-memory.dmp

Filesize
92KB

Download
memory/2972-130-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2972-108-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2972-128-0x0000000003520000-0x0000000003537000-memory.dmp

Filesize
92KB

Download
memory/2984-356-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2984-355-0x0000000003260000-0x0000000003277000-memory.dmp

Filesize
92KB

Download
memory/2996-388-0x00000000036C0000-0x00000000036D7000-memory.dmp

Filesize
92KB

Download
memory/2996-387-0x00000000036C0000-0x00000000036D7000-memory.dmp

Filesize
92KB

Download
memory/2996-386-0x00000000034E0000-0x00000000034F7000-memory.dmp

Filesize
92KB

Download
memory/2996-385-0x00000000034E0000-0x00000000034F7000-memory.dmp

Filesize
92KB

Download
memory/2996-389-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download