4e269c558ad900af1020823c7cb0b15d326898893b3f96d19dfe74ba205a028a

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a789d85112422769a4e5bfd578aeb490_NeikiAnalytics.exe
Size

82KB
MD5

a789d85112422769a4e5bfd578aeb490
SHA1

64df321279801aca306c432a8a38ebc553a78378
SHA256

4e269c558ad900af1020823c7cb0b15d326898893b3f96d19dfe74ba205a028a
SHA512

f70bd351fb551897fb67a84e5fb686e69e4f3dbbe61c74d7b48dfd656b69334b2140fe3a9ac9ab30aa668fd92398315266e4d530abbdbfcf8dba30b9bdcb5ae7
SSDEEP

1536:azUQz74LIvK/+Czax4IHVdmRvW1BDVwrVXwP:qUQz74TmFnmRvW1gXwP

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wypiy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wmbqwmw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wgp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wvtg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wwqppkyq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wgwmfbrfr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wkmbkkn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	woaytlhc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wlt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wfkebk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	a789d85112422769a4e5bfd578aeb490_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wkeeuok.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wgyq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wgboblp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wkfmaqvai.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	weorx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wmayg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wxxsns.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wlxryoal.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wvwst.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wndj.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wemymc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wmxbp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wxnxnu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wnqwrgnx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wsaw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wsieckna.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wlgbfme.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wywis.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wxoymh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	waanktokc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wmxdlmgx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	walmh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	whauc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wyicsbv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wxwy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wweqg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wbyv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wjx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wbfr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wjfoj.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wngjw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wnqsl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wiwhebyn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wcnv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wnqmiir.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wssfkqco.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wdc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wjipx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wgsigo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	whrla.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wdxbfxul.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wemam.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wujsg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	weikfkp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wxiyrk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wrlrpj.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	whyila.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wngcdu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wdwhfj.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wsamm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wygqju.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	wqb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	weck.exe

Executes dropped EXE 64 IoCs

pid	Process
3336	wkmbkkn.exe
3236	wfktlnn.exe
2488	wbfr.exe
2000	wkfmaqvai.exe
3992	wnydn.exe
2468	wypiy.exe
3536	wjfoj.exe
3032	wdwhfj.exe
3584	weck.exe
732	wfwewu.exe
4584	wtlf.exe
4104	wuuroe.exe
1504	wngjw.exe
2580	wcnv.exe
1972	wvtg.exe
1896	wsamm.exe
1588	weorx.exe
3700	wmbqwmw.exe
2616	whrla.exe
3796	wjwnvdd.exe
2888	wxwy.exe
4580	wvnpqu.exe
3308	wwfctkicp.exe
4684	wqlmh.exe
1500	wnqsl.exe
1884	whxday.exe
644	wkeeuok.exe
2612	wxoymh.exe
3576	whppfid.exe
552	wweqg.exe
3532	wglimxh.exe
4844	wjrkhosbc.exe
1596	wyjjtx.exe
4724	wbyv.exe
4756	wyqmjo.exe
4184	wnqwrgnx.exe
4736	whgrv.exe
4432	wmxbp.exe
4364	wgyq.exe
2800	wgboblp.exe
2152	wkgqyb.exe
4336	wlvdbrxn.exe
3328	wvwst.exe
216	wtexys.exe
2580	wyf.exe
4516	wju.exe
3540	wmayg.exe
2224	wnqmiir.exe
2456	wssfkqco.exe
3152	wdhjuqgb.exe
3804	wdc.exe
3596	wndj.exe
1104	wjipx.exe
216	wmnrub.exe
4508	waanktokc.exe
3308	woaytlhc.exe
4360	wmxdlmgx.exe
4692	wsaw.exe
964	wogc.exe
5032	wygqju.exe
1672	wxnxnu.exe
3328	wmnjxmoq.exe
216	wdxbfxul.exe
1136	wcdij.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\wogc.exe	wsaw.exe
File created	C:\Windows\SysWOW64\wxiyrk.exe	wemymc.exe
File opened for modification	C:\Windows\SysWOW64\wjx.exe	wlgbfme.exe
File opened for modification	C:\Windows\SysWOW64\wvtg.exe	wcnv.exe
File opened for modification	C:\Windows\SysWOW64\wywis.exe	wrqkfr.exe
File opened for modification	C:\Windows\SysWOW64\weovqco.exe	wlt.exe
File created	C:\Windows\SysWOW64\wiwhebyn.exe	wyicsbv.exe
File created	C:\Windows\SysWOW64\wdwhfj.exe	wjfoj.exe
File opened for modification	C:\Windows\SysWOW64\wjfoj.exe	wypiy.exe
File opened for modification	C:\Windows\SysWOW64\whrla.exe	wmbqwmw.exe
File opened for modification	C:\Windows\SysWOW64\wmxbp.exe	whgrv.exe
File created	C:\Windows\SysWOW64\wnpl.exe	weovqco.exe
File created	C:\Windows\SysWOW64\wfktlnn.exe	wkmbkkn.exe
File created	C:\Windows\SysWOW64\wvnpqu.exe	wxwy.exe
File opened for modification	C:\Windows\SysWOW64\wwfctkicp.exe	wvnpqu.exe
File created	C:\Windows\SysWOW64\wjrkhosbc.exe	wglimxh.exe
File created	C:\Windows\SysWOW64\wnqmiir.exe	wmayg.exe
File opened for modification	C:\Windows\SysWOW64\wctuneh.exe	wwptsss.exe
File opened for modification	C:\Windows\SysWOW64\weck.exe	wdwhfj.exe
File created	C:\Windows\SysWOW64\wngjw.exe	wuuroe.exe
File opened for modification	C:\Windows\SysWOW64\wlvdbrxn.exe	wkgqyb.exe
File opened for modification	C:\Windows\SysWOW64\wnqmiir.exe	wmayg.exe
File opened for modification	C:\Windows\SysWOW64\wkfmaqvai.exe	wbfr.exe
File created	C:\Windows\SysWOW64\wcdum.exe	wsdftsqd.exe
File created	C:\Windows\SysWOW64\wcnv.exe	wngjw.exe
File opened for modification	C:\Windows\SysWOW64\wml.exe	wvbglwu.exe
File opened for modification	C:\Windows\SysWOW64\wyqmjo.exe	wbyv.exe
File created	C:\Windows\SysWOW64\wmnjxmoq.exe	wxnxnu.exe
File created	C:\Windows\SysWOW64\wxxsns.exe	wiwhebyn.exe
File created	C:\Windows\SysWOW64\wywis.exe	wrqkfr.exe
File opened for modification	C:\Windows\SysWOW64\wmbqwmw.exe	weorx.exe
File created	C:\Windows\SysWOW64\whauc.exe	walmh.exe
File created	C:\Windows\SysWOW64\wpn.exe	wjx.exe
File created	C:\Windows\SysWOW64\wpvedan.exe	wfqgrv.exe
File created	C:\Windows\SysWOW64\wglimxh.exe	wweqg.exe
File opened for modification	C:\Windows\SysWOW64\whppfid.exe	wxoymh.exe
File created	C:\Windows\SysWOW64\wyjjtx.exe	wjrkhosbc.exe
File opened for modification	C:\Windows\SysWOW64\wdc.exe	wdhjuqgb.exe
File opened for modification	C:\Windows\SysWOW64\wxnxnu.exe	wygqju.exe
File opened for modification	C:\Windows\SysWOW64\weikfkp.exe	wcdij.exe
File opened for modification	C:\Windows\SysWOW64\wqb.exe	whyila.exe
File created	C:\Windows\SysWOW64\weck.exe	wdwhfj.exe
File opened for modification	C:\Windows\SysWOW64\wxwy.exe	wjwnvdd.exe
File created	C:\Windows\SysWOW64\whrla.exe	wmbqwmw.exe
File opened for modification	C:\Windows\SysWOW64\wdhjuqgb.exe	wssfkqco.exe
File created	C:\Windows\SysWOW64\walmh.exe	wujsg.exe
File created	C:\Windows\SysWOW64\wkeeuok.exe	whxday.exe
File opened for modification	C:\Windows\SysWOW64\wfwewu.exe	weck.exe
File opened for modification	C:\Windows\SysWOW64\wwqppkyq.exe	wrqv.exe
File opened for modification	C:\Windows\SysWOW64\wyicsbv.exe	wwqppkyq.exe
File opened for modification	C:\Windows\SysWOW64\wcdum.exe	wsdftsqd.exe
File opened for modification	C:\Windows\SysWOW64\wypiy.exe	wnydn.exe
File created	C:\Windows\SysWOW64\wmayg.exe	wju.exe
File created	C:\Windows\SysWOW64\wfqgrv.exe	wxxsns.exe
File opened for modification	C:\Windows\SysWOW64\wgwmfbrfr.exe	wrlrpj.exe
File created	C:\Windows\SysWOW64\wmgfisq.exe	wywis.exe
File created	C:\Windows\SysWOW64\wtlf.exe	wfwewu.exe
File created	C:\Windows\SysWOW64\wvbglwu.exe	whauc.exe
File created	C:\Windows\SysWOW64\wrqv.exe	wdplgjv.exe
File opened for modification	C:\Windows\SysWOW64\wsdftsqd.exe	wlxryoal.exe
File created	C:\Windows\SysWOW64\wwfctkicp.exe	wvnpqu.exe
File created	C:\Windows\SysWOW64\wweqg.exe	whppfid.exe
File opened for modification	C:\Windows\SysWOW64\wxoymh.exe	wkeeuok.exe
File created	C:\Windows\SysWOW64\wtexys.exe	wvwst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 10 IoCs

pid	pid_target	Process	procid_target
2408	3336	WerFault.exe	88
1228	2580	WerFault.exe	141
1832	4844	WerFault.exe	199
4760	4844	WerFault.exe	199
2920	4184	WerFault.exe	215
4756	3328	WerFault.exe	238
4936	4692	WerFault.exe	285
4408	2080	WerFault.exe	396
4496	2700	WerFault.exe	412
3876	4236	WerFault.exe	415

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 3336	1992	a789d85112422769a4e5bfd578aeb490_NeikiAnalytics.exe	88
PID 1992 wrote to memory of 3336	1992	a789d85112422769a4e5bfd578aeb490_NeikiAnalytics.exe	88
PID 1992 wrote to memory of 3336	1992	a789d85112422769a4e5bfd578aeb490_NeikiAnalytics.exe	88
PID 1992 wrote to memory of 2468	1992	a789d85112422769a4e5bfd578aeb490_NeikiAnalytics.exe	90
PID 1992 wrote to memory of 2468	1992	a789d85112422769a4e5bfd578aeb490_NeikiAnalytics.exe	90
PID 1992 wrote to memory of 2468	1992	a789d85112422769a4e5bfd578aeb490_NeikiAnalytics.exe	90
PID 3336 wrote to memory of 3236	3336	wkmbkkn.exe	93
PID 3336 wrote to memory of 3236	3336	wkmbkkn.exe	93
PID 3336 wrote to memory of 3236	3336	wkmbkkn.exe	93
PID 3336 wrote to memory of 3508	3336	wkmbkkn.exe	94
PID 3336 wrote to memory of 3508	3336	wkmbkkn.exe	94
PID 3336 wrote to memory of 3508	3336	wkmbkkn.exe	94
PID 3236 wrote to memory of 2488	3236	wfktlnn.exe	105
PID 3236 wrote to memory of 2488	3236	wfktlnn.exe	105
PID 3236 wrote to memory of 2488	3236	wfktlnn.exe	105
PID 3236 wrote to memory of 1100	3236	wfktlnn.exe	106
PID 3236 wrote to memory of 1100	3236	wfktlnn.exe	106
PID 3236 wrote to memory of 1100	3236	wfktlnn.exe	106
PID 2488 wrote to memory of 2000	2488	wbfr.exe	108
PID 2488 wrote to memory of 2000	2488	wbfr.exe	108
PID 2488 wrote to memory of 2000	2488	wbfr.exe	108
PID 2488 wrote to memory of 4720	2488	wbfr.exe	109
PID 2488 wrote to memory of 4720	2488	wbfr.exe	109
PID 2488 wrote to memory of 4720	2488	wbfr.exe	109
PID 2000 wrote to memory of 3992	2000	wkfmaqvai.exe	111
PID 2000 wrote to memory of 3992	2000	wkfmaqvai.exe	111
PID 2000 wrote to memory of 3992	2000	wkfmaqvai.exe	111
PID 2000 wrote to memory of 4076	2000	wkfmaqvai.exe	112
PID 2000 wrote to memory of 4076	2000	wkfmaqvai.exe	112
PID 2000 wrote to memory of 4076	2000	wkfmaqvai.exe	112
PID 3992 wrote to memory of 2468	3992	wnydn.exe	115
PID 3992 wrote to memory of 2468	3992	wnydn.exe	115
PID 3992 wrote to memory of 2468	3992	wnydn.exe	115
PID 3992 wrote to memory of 1196	3992	wnydn.exe	116
PID 3992 wrote to memory of 1196	3992	wnydn.exe	116
PID 3992 wrote to memory of 1196	3992	wnydn.exe	116
PID 2468 wrote to memory of 3536	2468	wypiy.exe	118
PID 2468 wrote to memory of 3536	2468	wypiy.exe	118
PID 2468 wrote to memory of 3536	2468	wypiy.exe	118
PID 2468 wrote to memory of 4600	2468	wypiy.exe	119
PID 2468 wrote to memory of 4600	2468	wypiy.exe	119
PID 2468 wrote to memory of 4600	2468	wypiy.exe	119
PID 3536 wrote to memory of 3032	3536	wjfoj.exe	121
PID 3536 wrote to memory of 3032	3536	wjfoj.exe	121
PID 3536 wrote to memory of 3032	3536	wjfoj.exe	121
PID 3536 wrote to memory of 1044	3536	wjfoj.exe	122
PID 3536 wrote to memory of 1044	3536	wjfoj.exe	122
PID 3536 wrote to memory of 1044	3536	wjfoj.exe	122
PID 3032 wrote to memory of 3584	3032	wdwhfj.exe	126
PID 3032 wrote to memory of 3584	3032	wdwhfj.exe	126
PID 3032 wrote to memory of 3584	3032	wdwhfj.exe	126
PID 3032 wrote to memory of 3020	3032	wdwhfj.exe	127
PID 3032 wrote to memory of 3020	3032	wdwhfj.exe	127
PID 3032 wrote to memory of 3020	3032	wdwhfj.exe	127
PID 3584 wrote to memory of 732	3584	weck.exe	129
PID 3584 wrote to memory of 732	3584	weck.exe	129
PID 3584 wrote to memory of 732	3584	weck.exe	129
PID 3584 wrote to memory of 2644	3584	weck.exe	130
PID 3584 wrote to memory of 2644	3584	weck.exe	130
PID 3584 wrote to memory of 2644	3584	weck.exe	130
PID 732 wrote to memory of 4584	732	wfwewu.exe	132
PID 732 wrote to memory of 4584	732	wfwewu.exe	132
PID 732 wrote to memory of 4584	732	wfwewu.exe	132
PID 732 wrote to memory of 3168	732	wfwewu.exe	133

C:\Users\Admin\AppData\Local\Temp\a789d85112422769a4e5bfd578aeb490_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\a789d85112422769a4e5bfd578aeb490_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\SysWOW64\wkmbkkn.exe
  "C:\Windows\system32\wkmbkkn.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:3336
- - C:\Windows\SysWOW64\wfktlnn.exe
    "C:\Windows\system32\wfktlnn.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3236
  - - C:\Windows\SysWOW64\wbfr.exe
      "C:\Windows\system32\wbfr.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2488
    - - C:\Windows\SysWOW64\wkfmaqvai.exe
        
        "C:\Windows\system32\wkfmaqvai.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2000
      - C:\Windows\SysWOW64\wnydn.exe
        
        "C:\Windows\system32\wnydn.exe"
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3992
        
        C:\Windows\SysWOW64\wypiy.exe
        
        "C:\Windows\system32\wypiy.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2468
        
        C:\Windows\SysWOW64\wjfoj.exe
        
        "C:\Windows\system32\wjfoj.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3536
        
        C:\Windows\SysWOW64\wdwhfj.exe
        
        "C:\Windows\system32\wdwhfj.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3032
        
        C:\Windows\SysWOW64\weck.exe
        
        "C:\Windows\system32\weck.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3584
        
        C:\Windows\SysWOW64\wfwewu.exe
        
        "C:\Windows\system32\wfwewu.exe"
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:732
        
        C:\Windows\SysWOW64\wtlf.exe
        
        "C:\Windows\system32\wtlf.exe"
        12⤵
        Executes dropped EXE
        
        PID:4584
        
        C:\Windows\SysWOW64\wuuroe.exe
        
        "C:\Windows\system32\wuuroe.exe"
        13⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4104
        
        C:\Windows\SysWOW64\wngjw.exe
        
        "C:\Windows\system32\wngjw.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1504
        
        C:\Windows\SysWOW64\wcnv.exe
        
        "C:\Windows\system32\wcnv.exe"
        15⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2580
        
        C:\Windows\SysWOW64\wvtg.exe
        
        "C:\Windows\system32\wvtg.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1972
        
        C:\Windows\SysWOW64\wsamm.exe
        
        "C:\Windows\system32\wsamm.exe"
        17⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1896
        
        C:\Windows\SysWOW64\weorx.exe
        
        "C:\Windows\system32\weorx.exe"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1588
        
        C:\Windows\SysWOW64\wmbqwmw.exe
        
        "C:\Windows\system32\wmbqwmw.exe"
        19⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3700
        
        C:\Windows\SysWOW64\whrla.exe
        
        "C:\Windows\system32\whrla.exe"
        20⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2616
        
        C:\Windows\SysWOW64\wjwnvdd.exe
        
        "C:\Windows\system32\wjwnvdd.exe"
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3796
        
        C:\Windows\SysWOW64\wxwy.exe
        
        "C:\Windows\system32\wxwy.exe"
        22⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2888
        
        C:\Windows\SysWOW64\wvnpqu.exe
        
        "C:\Windows\system32\wvnpqu.exe"
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4580
        
        C:\Windows\SysWOW64\wwfctkicp.exe
        
        "C:\Windows\system32\wwfctkicp.exe"
        24⤵
        Executes dropped EXE
        
        PID:3308
        
        C:\Windows\SysWOW64\wqlmh.exe
        
        "C:\Windows\system32\wqlmh.exe"
        25⤵
        Executes dropped EXE
        
        PID:4684
        
        C:\Windows\SysWOW64\wnqsl.exe
        
        "C:\Windows\system32\wnqsl.exe"
        26⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1500
        
        C:\Windows\SysWOW64\whxday.exe
        
        "C:\Windows\system32\whxday.exe"
        27⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1884
        
        C:\Windows\SysWOW64\wkeeuok.exe
        
        "C:\Windows\system32\wkeeuok.exe"
        28⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:644
        
        C:\Windows\SysWOW64\wxoymh.exe
        
        "C:\Windows\system32\wxoymh.exe"
        29⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2612
        
        C:\Windows\SysWOW64\whppfid.exe
        
        "C:\Windows\system32\whppfid.exe"
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3576
        
        C:\Windows\SysWOW64\wweqg.exe
        
        "C:\Windows\system32\wweqg.exe"
        31⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:552
        
        C:\Windows\SysWOW64\wglimxh.exe
        
        "C:\Windows\system32\wglimxh.exe"
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3532
        
        C:\Windows\SysWOW64\wjrkhosbc.exe
        
        "C:\Windows\system32\wjrkhosbc.exe"
        33⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4844
        
        C:\Windows\SysWOW64\wyjjtx.exe
        
        "C:\Windows\system32\wyjjtx.exe"
        34⤵
        Executes dropped EXE
        
        PID:1596
        
        C:\Windows\SysWOW64\wbyv.exe
        
        "C:\Windows\system32\wbyv.exe"
        35⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4724
        
        C:\Windows\SysWOW64\wyqmjo.exe
        
        "C:\Windows\system32\wyqmjo.exe"
        36⤵
        Executes dropped EXE
        
        PID:4756
        
        C:\Windows\SysWOW64\wnqwrgnx.exe
        
        "C:\Windows\system32\wnqwrgnx.exe"
        37⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4184
        
        C:\Windows\SysWOW64\whgrv.exe
        
        "C:\Windows\system32\whgrv.exe"
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4736
        
        C:\Windows\SysWOW64\wmxbp.exe
        
        "C:\Windows\system32\wmxbp.exe"
        39⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4432
        
        C:\Windows\SysWOW64\wgyq.exe
        
        "C:\Windows\system32\wgyq.exe"
        40⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4364
        
        C:\Windows\SysWOW64\wgboblp.exe
        
        "C:\Windows\system32\wgboblp.exe"
        41⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2800
        
        C:\Windows\SysWOW64\wkgqyb.exe
        
        "C:\Windows\system32\wkgqyb.exe"
        42⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2152
        
        C:\Windows\SysWOW64\wlvdbrxn.exe
        
        "C:\Windows\system32\wlvdbrxn.exe"
        43⤵
        Executes dropped EXE
        
        PID:4336
        
        C:\Windows\SysWOW64\wvwst.exe
        
        "C:\Windows\system32\wvwst.exe"
        44⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3328
        
        C:\Windows\SysWOW64\wtexys.exe
        
        "C:\Windows\system32\wtexys.exe"
        45⤵
        Executes dropped EXE
        
        PID:216
        
        C:\Windows\SysWOW64\wyf.exe
        
        "C:\Windows\system32\wyf.exe"
        46⤵
        Executes dropped EXE
        
        PID:2580
        
        C:\Windows\SysWOW64\wju.exe
        
        "C:\Windows\system32\wju.exe"
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4516
        
        C:\Windows\SysWOW64\wmayg.exe
        
        "C:\Windows\system32\wmayg.exe"
        48⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3540
        
        C:\Windows\SysWOW64\wnqmiir.exe
        
        "C:\Windows\system32\wnqmiir.exe"
        49⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2224
        
        C:\Windows\SysWOW64\wssfkqco.exe
        
        "C:\Windows\system32\wssfkqco.exe"
        50⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2456
        
        C:\Windows\SysWOW64\wdhjuqgb.exe
        
        "C:\Windows\system32\wdhjuqgb.exe"
        51⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3152
        
        C:\Windows\SysWOW64\wdc.exe
        
        "C:\Windows\system32\wdc.exe"
        52⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3804
        
        C:\Windows\SysWOW64\wndj.exe
        
        "C:\Windows\system32\wndj.exe"
        53⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3596
        
        C:\Windows\SysWOW64\wjipx.exe
        
        "C:\Windows\system32\wjipx.exe"
        54⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1104
        
        C:\Windows\SysWOW64\wmnrub.exe
        
        "C:\Windows\system32\wmnrub.exe"
        55⤵
        Executes dropped EXE
        
        PID:216
        
        C:\Windows\SysWOW64\waanktokc.exe
        
        "C:\Windows\system32\waanktokc.exe"
        56⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4508
        
        C:\Windows\SysWOW64\woaytlhc.exe
        
        "C:\Windows\system32\woaytlhc.exe"
        57⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3308
        
        C:\Windows\SysWOW64\wmxdlmgx.exe
        
        "C:\Windows\system32\wmxdlmgx.exe"
        58⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4360
        
        C:\Windows\SysWOW64\wsaw.exe
        
        "C:\Windows\system32\wsaw.exe"
        59⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4692
        
        C:\Windows\SysWOW64\wogc.exe
        
        "C:\Windows\system32\wogc.exe"
        60⤵
        Executes dropped EXE
        
        PID:964
        
        C:\Windows\SysWOW64\wygqju.exe
        
        "C:\Windows\system32\wygqju.exe"
        61⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5032
        
        C:\Windows\SysWOW64\wxnxnu.exe
        
        "C:\Windows\system32\wxnxnu.exe"
        62⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1672
        
        C:\Windows\SysWOW64\wmnjxmoq.exe
        
        "C:\Windows\system32\wmnjxmoq.exe"
        63⤵
        Executes dropped EXE
        
        PID:3328
        
        C:\Windows\SysWOW64\wdxbfxul.exe
        
        "C:\Windows\system32\wdxbfxul.exe"
        64⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:216
        
        C:\Windows\SysWOW64\wcdij.exe
        
        "C:\Windows\system32\wcdij.exe"
        65⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1136
        
        C:\Windows\SysWOW64\weikfkp.exe
        
        "C:\Windows\system32\weikfkp.exe"
        66⤵
        Checks computer location settings
        
        PID:2596
        
        C:\Windows\SysWOW64\wwptsss.exe
        
        "C:\Windows\system32\wwptsss.exe"
        67⤵
        Drops file in System32 directory
        
        PID:4584
        
        C:\Windows\SysWOW64\wctuneh.exe
        
        "C:\Windows\system32\wctuneh.exe"
        68⤵
        
        PID:1148
        
        C:\Windows\SysWOW64\wujsg.exe
        
        "C:\Windows\system32\wujsg.exe"
        69⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3616
        
        C:\Windows\SysWOW64\walmh.exe
        
        "C:\Windows\system32\walmh.exe"
        70⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:964
        
        C:\Windows\SysWOW64\whauc.exe
        
        "C:\Windows\system32\whauc.exe"
        71⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:624
        
        C:\Windows\SysWOW64\wvbglwu.exe
        
        "C:\Windows\system32\wvbglwu.exe"
        72⤵
        Drops file in System32 directory
        
        PID:3080
        
        C:\Windows\SysWOW64\wml.exe
        
        "C:\Windows\system32\wml.exe"
        73⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\wgsigo.exe
        
        "C:\Windows\system32\wgsigo.exe"
        74⤵
        Checks computer location settings
        
        PID:5108
        
        C:\Windows\SysWOW64\wemymc.exe
        
        "C:\Windows\system32\wemymc.exe"
        75⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:760
        
        C:\Windows\SysWOW64\wxiyrk.exe
        
        "C:\Windows\system32\wxiyrk.exe"
        76⤵
        Checks computer location settings
        
        PID:1312
        
        C:\Windows\SysWOW64\wemam.exe
        
        "C:\Windows\system32\wemam.exe"
        77⤵
        Checks computer location settings
        
        PID:4060
        
        C:\Windows\SysWOW64\wsieckna.exe
        
        "C:\Windows\system32\wsieckna.exe"
        78⤵
        Checks computer location settings
        
        PID:1104
        
        C:\Windows\SysWOW64\wlt.exe
        
        "C:\Windows\system32\wlt.exe"
        79⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2976
        
        C:\Windows\SysWOW64\weovqco.exe
        
        "C:\Windows\system32\weovqco.exe"
        80⤵
        Drops file in System32 directory
        
        PID:4112
        
        C:\Windows\SysWOW64\wnpl.exe
        
        "C:\Windows\system32\wnpl.exe"
        81⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\wgp.exe
        
        "C:\Windows\system32\wgp.exe"
        82⤵
        Checks computer location settings
        
        PID:732
        
        C:\Windows\SysWOW64\wngcdu.exe
        
        "C:\Windows\system32\wngcdu.exe"
        83⤵
        Checks computer location settings
        
        PID:812
        
        C:\Windows\SysWOW64\wjppbvj.exe
        
        "C:\Windows\system32\wjppbvj.exe"
        84⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\wlgbfme.exe
        
        "C:\Windows\system32\wlgbfme.exe"
        85⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4492
        
        C:\Windows\SysWOW64\wjx.exe
        
        "C:\Windows\system32\wjx.exe"
        86⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:5092
        
        C:\Windows\SysWOW64\wpn.exe
        
        "C:\Windows\system32\wpn.exe"
        87⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\wfkebk.exe
        
        "C:\Windows\system32\wfkebk.exe"
        88⤵
        Checks computer location settings
        
        PID:2920
        
        C:\Windows\SysWOW64\wdplgjv.exe
        
        "C:\Windows\system32\wdplgjv.exe"
        89⤵
        Drops file in System32 directory
        
        PID:1680
        
        C:\Windows\SysWOW64\wrqv.exe
        
        "C:\Windows\system32\wrqv.exe"
        90⤵
        Drops file in System32 directory
        
        PID:2180
        
        C:\Windows\SysWOW64\wwqppkyq.exe
        
        "C:\Windows\system32\wwqppkyq.exe"
        91⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:776
        
        C:\Windows\SysWOW64\wyicsbv.exe
        
        "C:\Windows\system32\wyicsbv.exe"
        92⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3528
        
        C:\Windows\SysWOW64\wiwhebyn.exe
        
        "C:\Windows\system32\wiwhebyn.exe"
        93⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2080
        
        C:\Windows\SysWOW64\wxxsns.exe
        
        "C:\Windows\system32\wxxsns.exe"
        94⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2488
        
        C:\Windows\SysWOW64\wfqgrv.exe
        
        "C:\Windows\system32\wfqgrv.exe"
        95⤵
        Drops file in System32 directory
        
        PID:964
        
        C:\Windows\SysWOW64\wpvedan.exe
        
        "C:\Windows\system32\wpvedan.exe"
        96⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\wluhubn.exe
        
        "C:\Windows\system32\wluhubn.exe"
        97⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\wrlrpj.exe
        
        "C:\Windows\system32\wrlrpj.exe"
        98⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4236
        
        C:\Windows\SysWOW64\wgwmfbrfr.exe
        
        "C:\Windows\system32\wgwmfbrfr.exe"
        99⤵
        Checks computer location settings
        
        PID:1104
        
        C:\Windows\SysWOW64\wlxryoal.exe
        
        "C:\Windows\system32\wlxryoal.exe"
        100⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4508
        
        C:\Windows\SysWOW64\wsdftsqd.exe
        
        "C:\Windows\system32\wsdftsqd.exe"
        101⤵
        Drops file in System32 directory
        
        PID:2140
        
        C:\Windows\SysWOW64\wcdum.exe
        
        "C:\Windows\system32\wcdum.exe"
        102⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\waiyqr.exe
        
        "C:\Windows\system32\waiyqr.exe"
        103⤵
        
        PID:3740
        
        C:\Windows\SysWOW64\whyila.exe
        
        "C:\Windows\system32\whyila.exe"
        104⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2396
        
        C:\Windows\SysWOW64\wqb.exe
        
        "C:\Windows\system32\wqb.exe"
        105⤵
        Checks computer location settings
        
        PID:4268
        
        C:\Windows\SysWOW64\wrqkfr.exe
        
        "C:\Windows\system32\wrqkfr.exe"
        106⤵
        Drops file in System32 directory
        
        PID:2156
        
        C:\Windows\SysWOW64\wywis.exe
        
        "C:\Windows\system32\wywis.exe"
        107⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3292
        
        C:\Windows\SysWOW64\wmgfisq.exe
        
        "C:\Windows\system32\wmgfisq.exe"
        108⤵
        
        PID:548
        
        C:\Windows\SysWOW64\wcgqr.exe
        
        "C:\Windows\system32\wcgqr.exe"
        109⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmgfisq.exe"
        109⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wywis.exe"
        108⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrqkfr.exe"
        107⤵
        
        PID:636
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqb.exe"
        106⤵
        
        PID:3776
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whyila.exe"
        105⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waiyqr.exe"
        104⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcdum.exe"
        103⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsdftsqd.exe"
        102⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlxryoal.exe"
        101⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgwmfbrfr.exe"
        100⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrlrpj.exe"
        99⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 1352
        99⤵
        Program crash
        
        PID:3876
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wluhubn.exe"
        98⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 1364
        98⤵
        Program crash
        
        PID:4496
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpvedan.exe"
        97⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfqgrv.exe"
        96⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxxsns.exe"
        95⤵
        
        PID:2408
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiwhebyn.exe"
        94⤵
        
        PID:508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 1440
        94⤵
        Program crash
        
        PID:4408
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyicsbv.exe"
        93⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwqppkyq.exe"
        92⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrqv.exe"
        91⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdplgjv.exe"
        90⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfkebk.exe"
        89⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpn.exe"
        88⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjx.exe"
        87⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlgbfme.exe"
        86⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjppbvj.exe"
        85⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wngcdu.exe"
        84⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgp.exe"
        83⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnpl.exe"
        82⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weovqco.exe"
        81⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlt.exe"
        80⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsieckna.exe"
        79⤵
        
        PID:3620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wemam.exe"
        78⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxiyrk.exe"
        77⤵
        
        PID:432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wemymc.exe"
        76⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgsigo.exe"
        75⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wml.exe"
        74⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvbglwu.exe"
        73⤵
        
        PID:3732
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whauc.exe"
        72⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\walmh.exe"
        71⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wujsg.exe"
        70⤵
        
        PID:8
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wctuneh.exe"
        69⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwptsss.exe"
        68⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weikfkp.exe"
        67⤵
        
        PID:3012
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcdij.exe"
        66⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdxbfxul.exe"
        65⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmnjxmoq.exe"
        64⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxnxnu.exe"
        63⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wygqju.exe"
        62⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wogc.exe"
        61⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsaw.exe"
        60⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 1256
        60⤵
        Program crash
        
        PID:4936
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmxdlmgx.exe"
        59⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woaytlhc.exe"
        58⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waanktokc.exe"
        57⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmnrub.exe"
        56⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjipx.exe"
        55⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wndj.exe"
        54⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdc.exe"
        53⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdhjuqgb.exe"
        52⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wssfkqco.exe"
        51⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnqmiir.exe"
        50⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmayg.exe"
        49⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wju.exe"
        48⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyf.exe"
        47⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtexys.exe"
        46⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvwst.exe"
        45⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 116
        45⤵
        Program crash
        
        PID:4756
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlvdbrxn.exe"
        44⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkgqyb.exe"
        43⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgboblp.exe"
        42⤵
        
        PID:620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgyq.exe"
        41⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmxbp.exe"
        40⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whgrv.exe"
        39⤵
        
        PID:776
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnqwrgnx.exe"
        38⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 224
        38⤵
        Program crash
        
        PID:2920
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyqmjo.exe"
        37⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbyv.exe"
        36⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyjjtx.exe"
        35⤵
        
        PID:264
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjrkhosbc.exe"
        34⤵
        
        PID:436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 1396
        34⤵
        Program crash
        
        PID:1832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 1456
        34⤵
        Program crash
        
        PID:4760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wglimxh.exe"
        33⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wweqg.exe"
        32⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whppfid.exe"
        31⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxoymh.exe"
        30⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkeeuok.exe"
        29⤵
        
        PID:1208
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whxday.exe"
        28⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnqsl.exe"
        27⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqlmh.exe"
        26⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwfctkicp.exe"
        25⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvnpqu.exe"
        24⤵
        
        PID:220
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxwy.exe"
        23⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjwnvdd.exe"
        22⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whrla.exe"
        21⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmbqwmw.exe"
        20⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weorx.exe"
        19⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsamm.exe"
        18⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvtg.exe"
        17⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcnv.exe"
        16⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 1384
        16⤵
        Program crash
        
        PID:1228
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wngjw.exe"
        15⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuuroe.exe"
        14⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtlf.exe"
        13⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfwewu.exe"
        12⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weck.exe"
        11⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdwhfj.exe"
        10⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjfoj.exe"
        9⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wypiy.exe"
        8⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnydn.exe"
        7⤵
        
        PID:1196
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkfmaqvai.exe"
        6⤵
        
        PID:4076
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbfr.exe"
        5⤵
        
        PID:4720
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfktlnn.exe"
      4⤵
      PID:1100
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkmbkkn.exe"
    3⤵
    PID:3508
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 1340
    3⤵
    - Program crash
    PID:2408
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\a789d85112422769a4e5bfd578aeb490_NeikiAnalytics.exe"
  2⤵
  PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3336 -ip 3336
1⤵
PID:1224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2580 -ip 2580
1⤵
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4844 -ip 4844
1⤵
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 4844 -ip 4844
1⤵
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 4184 -ip 4184
1⤵
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3328 -ip 3328
1⤵
PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4692 -ip 4692
1⤵
PID:224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2080 -ip 2080
1⤵
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2700 -ip 2700
1⤵
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4236 -ip 4236
1⤵
PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\wbfr.exe

Filesize
82KB

MD5
f774dcba2a6acfecbd25b19aa48f85e9

SHA1
c1b3ad19dc48bbff11411880a55f553246624ea5

SHA256
c1e96b7ef75ade0236b4f4e86650d46946f04fc07555e3d37595a2f7d85015a5

SHA512
d91bb292f855f3254ce5f27342b5d6e1a195b032ef8f0bcc1ec00064c79e71a69a91fa775b49f744d4cbfeb3399518dac56f24ffc362f6db32a0032fb1323af8

Download Submit
C:\Windows\SysWOW64\wcnv.exe

Filesize
82KB

MD5
fef9e3150c8579e1d8e37f9176801d9b

SHA1
4d01e3e7bbe1d10377881d54c736d933d8069217

SHA256
9b8d50164ef63ca256129f709906af792147bc2bf78381619fe91d612a91fae8

SHA512
03e1b36e74713182c1ffb7ad2caa2e5dc5331586d095e67c39a24613916153f96e696f85ec56986ac0e4471a3096ef9df7cf1dc77d41da59745d999f665fa8ba

Download Submit
C:\Windows\SysWOW64\wdwhfj.exe

Filesize
82KB

MD5
0c5d989a6da959892d20b2d425e5f758

SHA1
89996e61d303c00c3e90929f8c0092d0d850a7af

SHA256
24d3b740d71f1bc6eefe8a618d84007d982ea93f43a387d787dd4e4f9471548a

SHA512
7d60ad8dc1a36b2c30f6d9e184500b4e8516bd29a3d02f7bae6a3d585876d019f84d76d98481606cbb002e8cb160a223a53fa42caddc72b5cc657d7eb7a3456a

Download Submit
C:\Windows\SysWOW64\weck.exe

Filesize
82KB

MD5
6fa63c85202a93a4b777a5434de2a359

SHA1
8c2f9892ad723955a5a73558631982b9ae9ebe1d

SHA256
e7f0d54f809a64e24831938803c14b0538836e625ca3ad018cbb4b267ef3cf52

SHA512
b5392aa706f6ae264f7025a5b31345ce11cbf6a0f5be28b2a1df0f138dd25c8cb6d0b5ebd2430edd89252da266e67f2ab3c7e80c36156cd9f00552aa09a11a8d

Download Submit
C:\Windows\SysWOW64\weorx.exe

Filesize
82KB

MD5
de38face69910a9fd8a26afbdfa7a5e3

SHA1
4baad2e27362a78dff742afe2afae751e2bc7c4d

SHA256
2c2e99f12974df39cce651e59cfe2d27c2ee3b5a83aa7a5fc5feb03f5764922e

SHA512
3090f2b30955f91015af115dc7e287d210cd1edf06c5a4cb4d651bf09e2074ba201fb913eb8c01304ee1e0c0473eaf7478dddfa631bc6cde64dabf0d96305df2

Download Submit
C:\Windows\SysWOW64\wfktlnn.exe

Filesize
82KB

MD5
af316f1a487525017271b0718f47557c

SHA1
ed9da18dc640f6b7ed1260175cdcc6afe7abdba3

SHA256
396480f2b06f7ab3c3b4b8909ff438d179f2a34abfbff380440acfc1b7dc501c

SHA512
3bc7bf457c112a28cd04ec86b304dfe5edb9024ef38d3d97f6b6548bd6b092c0807f7e82742cc9e3dcd0a08bb1fce9f6157ee0faf772301cddaf455cb10f5190

Download Submit
C:\Windows\SysWOW64\wfwewu.exe

Filesize
82KB

MD5
a8b84c25564042c037a69569f92b3d86

SHA1
b3a41f32da1c1256b40e48aa913014e9ab2f3e52

SHA256
e78657b346a725911de93bd9c2765e77b48448d3730de6b5e488cad3993ff0fc

SHA512
ae2d2fdd44364e35b410e7acd4510b1d6922131205f90e09c9f0a05371b54f6a9d21600958e20522743586c3d1fc1d904092b9ffa6f683b1fd169517b1bef2fb

Download Submit
C:\Windows\SysWOW64\wglimxh.exe

Filesize
83KB

MD5
abe42e229d41c9eb97d4e2b45b28f2d0

SHA1
ebce7b88f696cdb19148be70081c7e34f33b0a08

SHA256
4e5920eed7ffb7989889181e1f5f8537c0db86f9804d835130222b946d8bef5d

SHA512
52ee1ad2d2ba13e82c8b0ffd288007cf5e96fd4260694d4a670c736e0f2f247378e446c2069a7066ad27f902ea18e1a271141ae7fa271faa8710abc4ea1de8d1

Download Submit
C:\Windows\SysWOW64\whppfid.exe

Filesize
82KB

MD5
f3f5ceb6af213071f922772061688c2c

SHA1
4018e041cabed98a8703ebe55f6526a8b22e9132

SHA256
163d439597d0b58d1cba99937cfcb057d3fb5d38f76f7481190d56f9c04e4c43

SHA512
d9306e7d0a65265dd2e478be2c9348192463a667b5790088c21d5946dd7358b624a57122d918044b34e67e44b885be6ccfd9aa841073340e13989aff9d1a89ce

Download Submit
C:\Windows\SysWOW64\whrla.exe

Filesize
82KB

MD5
84f4e34c9210d2406a6bab452cca60fc

SHA1
3266e099cbe997118f30f34bbb21c03cd44c860e

SHA256
de21e76d1d55a0b3f2d5667075dad3771dd2d36314dd6be1efc38759df96413d

SHA512
241118433637fd19047aa9fce56d476b87ef1738fd250b744fb96b747e39fe80461a8cb56ce7592c04aeb2cadfdf729e8bbfffef8c5fca4fa4942726a9371535

Download Submit
C:\Windows\SysWOW64\whxday.exe

Filesize
82KB

MD5
8be7d74734babde779b2c44484f1df54

SHA1
537e158ba2bf814e0bd785602b316099e1914343

SHA256
08a82a4faebcfe521397dc4531927a50f33ec6be895fd9266e414dcdb2bda764

SHA512
a8818c969207a5b20f8562f8977ce3cc90ad5fcddf3e2bc687aedb144a71f2a8dc022c802c7170178118bc4abbb4cad393f814703870d7775d61d0a736b9dcd6

Download Submit
C:\Windows\SysWOW64\wjfoj.exe

Filesize
82KB

MD5
ff04d6f92e1b9e6754fcf0e4bf774bdd

SHA1
48b650ad5be4f160e395b027d3b0fffece961309

SHA256
a6b2a067fceefde7f7ce052451ea26000c79f2b696da77227f150303746496e0

SHA512
182a7c89942a39720f61c63dba31a3d0a2e3cb9ea4254389354720419b0005356c3fb4500e6e68e795e501c0201113a2fc3b1306bfa09dc1e3ad8cd3541fcf7c

Download Submit
C:\Windows\SysWOW64\wjrkhosbc.exe

Filesize
83KB

MD5
52b82d2ffefad628fc0dd8bfbe9f4168

SHA1
e503f9fc55db8ac3e4953349fdb868f160141663

SHA256
bf96b820fdc22c117cea8ea9de9204aef33daf76b7f615dbae48866ccbfa9e11

SHA512
d500f6bd1e3948ef8d7bb8d26b243461041e7dc4d3e953c7de8e3488fc3cde15a41f0a6cdd59cee9847dce3a0818f5f582d4d554f39c5d57778700af9309b1eb

Download Submit
C:\Windows\SysWOW64\wjwnvdd.exe

Filesize
82KB

MD5
2adac722a47e9d7fdca1f2a22430ce4d

SHA1
53cf37e3ff576c412bdac516ec7f05b3ae979691

SHA256
4730a8094373aaa8a5870e7bcb07ce9ce7b8ce32468c304b7d1256a235163bc0

SHA512
a161576df16fe98bb1536384a6e3a179b430d5ef77db3c03620bb6ea98f3a8726db93ca961f405ee7c61919ecfe81491313884416a68780748411ffc024e32bc

Download Submit
C:\Windows\SysWOW64\wkeeuok.exe

Filesize
82KB

MD5
1dcf7cac63cb13f45b633aec04e95b83

SHA1
1582dedacab36bb60b6a4078bed7b9cf45e6634f

SHA256
83a9b54ebf3f2640148b756f75a55c975f0645105317bdd311c91f3723413ff3

SHA512
db40d8f8a0738fcaa23049d2a2e06bd9fb7358fc11f247f426ab4135489e37b58330db19073df43c0e2d6dcbb5c985c1d3eb4e43b5809cfd756c2bc719d35940

Download Submit
C:\Windows\SysWOW64\wkfmaqvai.exe

Filesize
82KB

MD5
268db830daad1d8c93ed003bfa9bca21

SHA1
e3ade5934462e64909791ada09f12779098bb41c

SHA256
b101e9aec54d954afdfa16dc84272b31ba4203bb6307cb6bd9b17a8cb9602e46

SHA512
7d1b0552bfe9c78b9dedd8a5fd049b1555c5e44eadff54c68b120f0dfcf349bca5a93b0643c0a1bd7c7f08369654d18587e0934c15c1c08bdc32cfb9eaa7dab8

Download Submit
C:\Windows\SysWOW64\wkmbkkn.exe

Filesize
82KB

MD5
19c3e0e9ff5129bef061d29e3eca58de

SHA1
e1fd12a166aacf9b1313a43c0c62ea2375ea6884

SHA256
ed8f4c6a693611ab0c53be19bd9459a1d61e16a3f4549ca6c51e17649d45f265

SHA512
9299d2df45dd76fedc65468a6250c140f9e5436e0ba1c6c48e5566687d22c5f6bcaffbfd2b6dc4be01f662da9c6c676c02f13e491beab8e470864a03a2b354d7

Download Submit
C:\Windows\SysWOW64\wmbqwmw.exe

Filesize
82KB

MD5
f7dc91588d61307ed9e04daa924ee576

SHA1
c1f038e399581971f36fe3f1ebdcac5705824b7d

SHA256
18e3554d8324b83eef24b545db8f78185a3052d8cc700c94d867b4ea81185eca

SHA512
b23fe9a3ed649f0766d5b3dd290baca24234ae456560cd105fe296464f9973d95d70e4b6bcc3c31e67785a44c243c2793e1627080b928f68c2df129a9304c31a

Download Submit
C:\Windows\SysWOW64\wngjw.exe

Filesize
82KB

MD5
53d7e2ee49d65f763bd6b7adaff145af

SHA1
483173e085f6c5e74b78feb71935b94cb8552afa

SHA256
7710b777ea32c46a843fe26a61cfd3b74027bb1961452e258d2e464afce4807d

SHA512
cd1b6cb718896929d7ff3f1aaa517785ba24c07c1120d5fb4fa47fe61af7973684b6a1f23fa9eb0ea84ad5c652801bfb1b667e67a032712cbde4c45fb7e909ab

Download Submit
C:\Windows\SysWOW64\wnqsl.exe

Filesize
82KB

MD5
07136915d25152d40203fcc723e52036

SHA1
74702be157945cdec24b0e2ac9cc15e5c003352e

SHA256
755bbd8778c7802d9347ef72eb5ae875116cd206415d44fc5482ba125ecd7f59

SHA512
dc61e8eba10d9faf5580e5f4654bc2f93ecbc79d0bab290866c77d1b76853da3c689ccb37f45d3a85af672403d7b3be8f28b9a91b42a081f6d79bfa2b32708c8

Download Submit
C:\Windows\SysWOW64\wnydn.exe

Filesize
82KB

MD5
6197bec9db2f4b0d3bfb555739cfd05d

SHA1
1fc3fb6aa58a1223deb88d8bcee67eea0ca1f84c

SHA256
9bd267e7fafd2a792dd12692dc50915d7aa18a83e1ee2b822bce8099a394c6e6

SHA512
82742a0d37a87379b09fb93b8a6787f0d2d642176f11ebb08af48f02c9994657c2c41f4715df30e4783e7289d9e6aa9675870bfbacf5ea69e65995f6abea6c2f

Download Submit
C:\Windows\SysWOW64\wqlmh.exe

Filesize
82KB

MD5
441bef8d0626f7af438fe9ea89ac3c2e

SHA1
fc217f78b7b0073b94686a2673cac989876e5502

SHA256
0e430be4b52e62e6cf201e3caf0996c04e7283b2f73dd52ba61be80c9cc4e603

SHA512
a331f680d1bb8aa1647e20add216425443e5a6eabefb2ad90fab3be3ed75ac3497c2b369f4e55899dd7eebd96b5eb844e51978c5a380f4c7d144701fd7372352

Download Submit
C:\Windows\SysWOW64\wsamm.exe

Filesize
82KB

MD5
bbe9df2fb9c588b45641eee686a9d599

SHA1
2e0637b3c2179f0006019a74f42fa1897b5cb50c

SHA256
7a6e693ea01d7e20438c9d073da9113803823dabd0e491c7cfac4c094f338cb5

SHA512
9df697e12a7cfa8ee8835bc6e2359ac58fd7d423f8d73886a8c2b78c94b3bf43c304d6ea8c30d5e01aa2fff2464e262201f39532989d8aa61b87f2f7828c9cc3

Download Submit
C:\Windows\SysWOW64\wtlf.exe

Filesize
82KB

MD5
ad242e0a48b944c04479cfaa6afde832

SHA1
2e16a0329118a2ee96239bb40773a52032ca1a4c

SHA256
ac38af13f411457e17ea77762ca827ea1f1248c9de2b41c17863e0f6a88170f0

SHA512
7894896a456fc44902a7f530578f249f731e63b88f60a7126a6130b71d6e63b05cc2d3f07b3c8362adc75afb22de509cee3ff0c6719ceb644de2bea705117811

Download Submit
C:\Windows\SysWOW64\wuuroe.exe

Filesize
82KB

MD5
a3c6b562687a99330590f42af38788fe

SHA1
e36f7afc6f1be5c4c60f584439858b7ab353d586

SHA256
7cd2e2438df7b2380bb007cdd94e92165407ba0df8c1f8c75647d8b9aedbd071

SHA512
b23cd4e62f4ab9457d32d99b64d20bf8b68853f8e8c4854444081693f927c4dd462f52d30321ad9446e61646a62322ef6f082d71cd34e9c89db75701a3e58eff

Download Submit
C:\Windows\SysWOW64\wvnpqu.exe

Filesize
82KB

MD5
15037ca9a5857155dc8909bceec04e33

SHA1
474ef10f9b0da8a0de27440b7b2e799e86ea74e7

SHA256
55c13c7afe187a59eb793ab26ab61e04e8b74a7705ae9041f188570262a9d052

SHA512
25ed88d6ec8a1ccfe55e5c6a80f5a4714ed407ea3b40a208a7fbb91339a6de9ad0ab7d0c50b7e429b1d00262e23215365e0ae72491bcca7776d1c0afe0be76fd

Download Submit
C:\Windows\SysWOW64\wvtg.exe

Filesize
82KB

MD5
233c12b41353276a40f965d80f6e46df

SHA1
6845434b7a78b58c56f23fe7685316430245ba50

SHA256
2819286f9b9c6c2bf9b2244c5de9120ee8d780ece15163b7469d714237b1d506

SHA512
249e9b9bca567fed0212579b5b3bfb61585b928c1e41ebda4b2f666fc1e61880b8aff2dd835f6f9896a844088ef4260c08b16b8ebaec5611e53da53fae4edb24

Download Submit
C:\Windows\SysWOW64\wweqg.exe

Filesize
82KB

MD5
4903444fe5083422e2edfda127cd867c

SHA1
d589df4ca439843b324c174dddd4c09692776d5e

SHA256
3dee3d40f7b629db45805c7752100944d9586096ccc6c66106d960b6a1e17e47

SHA512
6e7ec09a0171f06de97a80875c7dbfab6eca84ee6db1eb64f63348d999ebe24ac7aa3e6258e8245f8161b2306d08efd6a781eb46793b6e5add41bc3e21b11453

Download Submit
C:\Windows\SysWOW64\wwfctkicp.exe

Filesize
82KB

MD5
4160271f7fb2964df5140bbb7b65918d

SHA1
23a12925b393befe2a746527242e7b3637929810

SHA256
fc1ccec959180eca8277df23e10b58ec450871eb18839ed6f70dd609f17fb410

SHA512
722611e99e757ce2f63b6c6121e11de7e7a62e327c2c9726890e8c1fb23cf1afa09f9bf5456a6357700b55f42e0702b33a130ba59a8a584a3d70d41260a46919

Download Submit
C:\Windows\SysWOW64\wxoymh.exe

Filesize
82KB

MD5
a9f856ab913cbc31488ba7db21346b67

SHA1
92ec030a15772bae89f7f294dc779b416b8242d3

SHA256
8723a1a4175eb363feb663b84491822a21dfdd79fad4420802d183a4f42e2a70

SHA512
9d65d21767f5639d4778ffe39c6779973fee6ce6fa527e00b161135292f6370eec3c24c3b0f3dc81382e88e1d1288075c37fbeb5c470c1c17b0800e5ed51e435

Download Submit
C:\Windows\SysWOW64\wxwy.exe

Filesize
82KB

MD5
3ebde9ca11f23819cbd27c846804f519

SHA1
c533bc964fcf4e0faa3d6cc00d3afc3565f36c75

SHA256
ed92dfbc5839b84d99a25070ec70a003b81491b48388514e66376f501e84eea5

SHA512
4db3737720fc506ec8e2f8113eb7ff1ce63a27654f759a3b6b9b561a685f273f7d5713eb9f07ce4259a26c5a7d05b7135fb90f5e4b5941a06a2e48c49bb0d540

Download Submit
C:\Windows\SysWOW64\wypiy.exe

Filesize
82KB

MD5
f93c625887014e577baecd0dc39098cb

SHA1
e697c27806fc2a63352212a264bec92eb7f65cd4

SHA256
322f64d7fe9888f7332bf99eb8036749856610329860ac6076a8bb516b489260

SHA512
2e9976a2a88b50b6ca4642d9af0cf96dc3d145f9253fffbc85843bb8ff32c3f3d4f50f416d3768b01ee1c8c02e7a730ae6d838d29f147428fd628cc29aedd9f8

Download Submit
memory/216-592-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/216-440-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/216-523-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/216-601-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/552-321-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/644-290-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/732-116-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/964-651-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/964-642-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/964-566-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1104-515-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1136-609-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1148-634-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1500-269-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1504-146-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1588-187-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1596-348-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1672-584-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1672-574-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1884-279-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1896-177-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1972-156-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1972-167-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1992-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1992-11-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2000-54-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2000-42-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2152-416-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2152-406-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2224-474-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2456-482-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2468-64-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2468-75-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2488-43-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2580-157-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2580-449-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2596-618-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2612-289-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2612-301-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2616-207-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2800-407-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2800-397-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2888-228-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3032-96-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3032-85-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3152-491-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3236-21-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3236-32-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3308-249-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3308-541-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3308-531-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3328-583-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3328-432-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3328-593-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3336-9-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3336-22-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3532-331-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3536-86-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3540-466-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3540-457-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3576-300-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3576-311-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3584-106-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3596-507-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3616-643-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3700-197-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3796-217-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3804-499-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3992-65-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3992-53-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4104-136-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4184-372-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4336-415-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4336-424-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4360-540-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4360-549-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4364-398-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4432-389-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4508-532-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4516-448-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4516-458-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4580-238-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4580-227-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4584-626-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4584-617-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4584-126-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4684-248-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4684-259-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4692-557-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4724-347-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4724-356-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4736-381-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4756-364-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4844-339-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5032-575-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5032-565-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download