7b6e04f42945bfcbaf030e10e7a9f1bf8d13957ac3344717ee902326ededad44

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exe
Size

316KB
MD5

4d3a867c1ce25b918dc4fa45136a2b40
SHA1

d8e6aeba24399861a646f318575ea01fa11f1db8
SHA256

7b6e04f42945bfcbaf030e10e7a9f1bf8d13957ac3344717ee902326ededad44
SHA512

23e4edc3a0cbd22537d42d7704ef386dd4379508058e03e6e1cdea248159ded17abf5c171fce16f6476b3c080695e1a5acd71815dfe72f40a50373b96b2d3f3b
SSDEEP

3072:mYUb5QoJ4g+LsP9iGqT8ZjKIz1ZdW4SrOLVSVpe1GhpSBfmy:mY699qT8hKSZI4zLVSVpe1GvOff

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

wexyyx.exewbo.exewtjoi.exewgtnkyg.exewywokl.exewumhj.exewuqqcooo.exewpy.exewvqoq.exewjsw.exewecsjn.exewiahjhh.exewdil.exewgfo.exewjw.exewbntvt.exewfgq.exewvo.exewrif.exewydyemmvl.exewwyauvk.exewnbw.exewidcswr.exewnkm.exewbolmnkj.exewihnferv.exewbeoip.exewkdtkqf.exewpaponjw.exewtfpkt.exewgrahmqvu.exewslbgdc.exewbku.exewwucw.exewuryewt.exewldfyn.exewqkxb.exewpayjh.exewbscwk.exewllgjnus.exewlonflrm.exewfarxaqm.exewsbejlpyq.exewinx.exewcyi.exewml.exewduqsp.exewrlrpj.exewrkdwtt.exewnxkei.exewamrlnphm.exe4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exewbqkv.exewan.exewtbqov.exewxvmxd.exewbjaqe.exewmmmfg.exewtkgle.exewdjkmfp.exewjhamnw.exewguobqy.exewvmdddy.exewmikbcd.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wexyyx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wbo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wtjoi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wgtnkyg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wywokl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wumhj.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wuqqcooo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wpy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wvqoq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wjsw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wecsjn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wiahjhh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wdil.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wgfo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wjw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wbntvt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wfgq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wvo.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wrif.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wydyemmvl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wwyauvk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wnbw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	widcswr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wnkm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wbolmnkj.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wihnferv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wbeoip.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wkdtkqf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wpaponjw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wtfpkt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wgrahmqvu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wslbgdc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wbku.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wwucw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wuryewt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wldfyn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wqkxb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wpayjh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wbscwk.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wllgjnus.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wlonflrm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wfarxaqm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wsbejlpyq.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	winx.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wcyi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wml.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wduqsp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wrlrpj.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wrkdwtt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wnxkei.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wamrlnphm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wbqkv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wan.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wtbqov.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wxvmxd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wbjaqe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wmmmfg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wtkgle.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wdjkmfp.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wjhamnw.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wguobqy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wvmdddy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation	wmikbcd.exe

Executes dropped EXE 64 IoCs

Processes:

wpaponjw.exewffet.exewxvmxd.exewbscwk.exewlahkjgd.exewlpkwcd.exewgfo.exewtfpkt.exewgrahmqvu.exewpy.exewjhamnw.exewjw.exewbo.exewllgjnus.exewdqf.exewtjoi.exewlonflrm.exewvqoq.exewgtnkyg.exewcyi.exewteguhsi.exewslbgdc.exewblfidpjk.exewjsw.exewwyauvk.exewywokl.exewguobqy.exewbku.exewfarxaqm.exewrkdwtt.exewsbejlpyq.exewbb.exewbqkv.exewfbrdgy.exewnbw.exewan.exewbntvt.exewinx.exewucpimre.exewecsjn.exewidcswr.exewbjaqe.exewrthfp.exewnkm.exewml.exewblal.exewnvj.exewejltyirb.exewwucw.exewfgq.exewege.exewvmdddy.exewbolmnkj.exewmmmfg.exewvo.exewbeoip.exewkdtkqf.exewihnferv.exewuryewt.exewumhj.exewqrdxq.exewrif.exewnxkei.exewmikbcd.exe

pid	process
4564	wpaponjw.exe
5032	wffet.exe
1952	wxvmxd.exe
1244	wbscwk.exe
2948	wlahkjgd.exe
4812	wlpkwcd.exe
3944	wgfo.exe
3792	wtfpkt.exe
4660	wgrahmqvu.exe
956	wpy.exe
2652	wjhamnw.exe
3124	wjw.exe
3456	wbo.exe
2956	wllgjnus.exe
4040	wdqf.exe
796	wtjoi.exe
5108	wlonflrm.exe
2708	wvqoq.exe
2948	wgtnkyg.exe
5052	wcyi.exe
5092	wteguhsi.exe
4404	wslbgdc.exe
2044	wblfidpjk.exe
4496	wjsw.exe
2772	wwyauvk.exe
640	wywokl.exe
4816	wguobqy.exe
4992	wbku.exe
4772	wfarxaqm.exe
1964	wrkdwtt.exe
316	wsbejlpyq.exe
2588	wbb.exe
3756	wbqkv.exe
4912	wfbrdgy.exe
3004	wnbw.exe
4120	wan.exe
1888	wbntvt.exe
3464	winx.exe
396	wucpimre.exe
2112	wecsjn.exe
4916	widcswr.exe
800	wbjaqe.exe
4912	wrthfp.exe
4856	wnkm.exe
1732	wml.exe
5064	wblal.exe
2848	wnvj.exe
4196	wejltyirb.exe
2688	wwucw.exe
5040	wfgq.exe
876	wege.exe
2708	wvmdddy.exe
4740	wbolmnkj.exe
4856	wmmmfg.exe
2192	wvo.exe
4404	wbeoip.exe
2468	wkdtkqf.exe
3240	wihnferv.exe
1124	wuryewt.exe
4564	wumhj.exe
528	wqrdxq.exe
3488	wrif.exe
820	wnxkei.exe
1496	wmikbcd.exe

Drops file in System32 directory 64 IoCs

Processes:

wfvy.exewiahjhh.exewqlv.exewbscwk.exewnbw.exewguobqy.exewbolmnkj.exewgfo.exewtfpkt.exewslbgdc.exewwyauvk.exewqrdxq.exewnmptvw.exewtkgle.exewbo.exewllgjnus.exewbjaqe.exewrthfp.exewhgyep.exewbqkv.exewecsjn.exewfbrdgy.exewnxkei.exewldfyn.exewqkxb.exewlahkjgd.exewcyi.exewml.exewblal.exewmikbcd.exewhkrvoa.exewffet.exewteguhsi.exewjhrfubap.exewjlijln.exewtbqov.exewdil.exewdjkmfp.exewuryewt.exewvmdddy.exewexyyx.exewnvj.exewrkdwtt.exewidcswr.exewege.exewqteieqia.exewlonflrm.exewgtnkyg.exewamrlnphm.exewduqsp.exewjhamnw.exewvqoq.exewydyemmvl.exewxvmxd.exe

description	ioc	process
File created	C:\Windows\SysWOW64\wjhrfubap.exe	wfvy.exe
File created	C:\Windows\SysWOW64\wdil.exe	wiahjhh.exe
File opened for modification	C:\Windows\SysWOW64\wpayjh.exe	wqlv.exe
File created	C:\Windows\SysWOW64\wlahkjgd.exe	wbscwk.exe
File created	C:\Windows\SysWOW64\wan.exe	wnbw.exe
File created	C:\Windows\SysWOW64\wbku.exe	wguobqy.exe
File opened for modification	C:\Windows\SysWOW64\wmmmfg.exe	wbolmnkj.exe
File created	C:\Windows\SysWOW64\wtfpkt.exe	wgfo.exe
File created	C:\Windows\SysWOW64\wgrahmqvu.exe	wtfpkt.exe
File opened for modification	C:\Windows\SysWOW64\wblfidpjk.exe	wslbgdc.exe
File created	C:\Windows\SysWOW64\wywokl.exe	wwyauvk.exe
File opened for modification	C:\Windows\SysWOW64\wrif.exe	wqrdxq.exe
File created	C:\Windows\SysWOW64\wamrlnphm.exe	wnmptvw.exe
File created	C:\Windows\SysWOW64\wdjkmfp.exe	wtkgle.exe
File opened for modification	C:\Windows\SysWOW64\wllgjnus.exe	wbo.exe
File opened for modification	C:\Windows\SysWOW64\wdqf.exe	wllgjnus.exe
File created	C:\Windows\SysWOW64\wrthfp.exe	wbjaqe.exe
File created	C:\Windows\SysWOW64\wnkm.exe	wrthfp.exe
File created	C:\Windows\SysWOW64\wphc.exe	whgyep.exe
File opened for modification	C:\Windows\SysWOW64\wfbrdgy.exe	wbqkv.exe
File created	C:\Windows\SysWOW64\widcswr.exe	wecsjn.exe
File opened for modification	C:\Windows\SysWOW64\wnbw.exe	wfbrdgy.exe
File opened for modification	C:\Windows\SysWOW64\wmikbcd.exe	wnxkei.exe
File opened for modification	C:\Windows\SysWOW64\wfvy.exe	wldfyn.exe
File opened for modification	C:\Windows\SysWOW64\wtkgle.exe	wqkxb.exe
File opened for modification	C:\Windows\SysWOW64\wlpkwcd.exe	wlahkjgd.exe
File created	C:\Windows\SysWOW64\wteguhsi.exe	wcyi.exe
File opened for modification	C:\Windows\SysWOW64\wywokl.exe	wwyauvk.exe
File opened for modification	C:\Windows\SysWOW64\wblal.exe	wml.exe
File created	C:\Windows\SysWOW64\wnvj.exe	wblal.exe
File created	C:\Windows\SysWOW64\wvioc.exe	wmikbcd.exe
File opened for modification	C:\Windows\SysWOW64\wqlv.exe	whkrvoa.exe
File created	C:\Windows\SysWOW64\wxvmxd.exe	wffet.exe
File created	C:\Windows\SysWOW64\wslbgdc.exe	wteguhsi.exe
File opened for modification	C:\Windows\SysWOW64\wjlijln.exe	wjhrfubap.exe
File opened for modification	C:\Windows\SysWOW64\wnmptvw.exe	wjlijln.exe
File created	C:\Windows\SysWOW64\wuqqcooo.exe	wtbqov.exe
File opened for modification	C:\Windows\SysWOW64\wydyemmvl.exe	wdil.exe
File opened for modification	C:\Windows\SysWOW64\whkrvoa.exe	wdjkmfp.exe
File opened for modification	C:\Windows\SysWOW64\wnkm.exe	wrthfp.exe
File opened for modification	C:\Windows\SysWOW64\wumhj.exe	wuryewt.exe
File opened for modification	C:\Windows\SysWOW64\wbolmnkj.exe	wvmdddy.exe
File created	C:\Windows\SysWOW64\wmikbcd.exe	wnxkei.exe
File created	C:\Windows\SysWOW64\wiahjhh.exe	wexyyx.exe
File opened for modification	C:\Windows\SysWOW64\wdil.exe	wiahjhh.exe
File created	C:\Windows\SysWOW64\wtkgle.exe	wqkxb.exe
File opened for modification	C:\Windows\SysWOW64\wslbgdc.exe	wteguhsi.exe
File opened for modification	C:\Windows\SysWOW64\wejltyirb.exe	wnvj.exe
File opened for modification	C:\Windows\SysWOW64\wsbejlpyq.exe	wrkdwtt.exe
File opened for modification	C:\Windows\SysWOW64\widcswr.exe	wecsjn.exe
File opened for modification	C:\Windows\SysWOW64\wbjaqe.exe	widcswr.exe
File created	C:\Windows\SysWOW64\wvmdddy.exe	wege.exe
File opened for modification	C:\Windows\SysWOW64\wuumrnbf.exe	wqteieqia.exe
File created	C:\Windows\SysWOW64\wvqoq.exe	wlonflrm.exe
File created	C:\Windows\SysWOW64\wcyi.exe	wgtnkyg.exe
File opened for modification	C:\Windows\SysWOW64\wqteieqia.exe	wamrlnphm.exe
File created	C:\Windows\SysWOW64\wtbqov.exe	wduqsp.exe
File created	C:\Windows\SysWOW64\wjw.exe	wjhamnw.exe
File opened for modification	C:\Windows\SysWOW64\wjhrfubap.exe	wfvy.exe
File created	C:\Windows\SysWOW64\wgtnkyg.exe	wvqoq.exe
File opened for modification	C:\Windows\SysWOW64\wqkxb.exe	wydyemmvl.exe
File created	C:\Windows\SysWOW64\wnmptvw.exe	wjlijln.exe
File created	C:\Windows\SysWOW64\wqkxb.exe	wydyemmvl.exe
File created	C:\Windows\SysWOW64\wbscwk.exe	wxvmxd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 10 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4248	4564	WerFault.exe	wpaponjw.exe
4176	5032	WerFault.exe	wffet.exe
1932	4660	WerFault.exe	wgrahmqvu.exe
4388	796	WerFault.exe	wtjoi.exe
5060	5108	WerFault.exe	wlonflrm.exe
3288	4992	WerFault.exe	wbku.exe
4588	4404	WerFault.exe	wbeoip.exe
1424	3832	WerFault.exe	wldfyn.exe
4844	4896	WerFault.exe	wqteieqia.exe
1536	2924	WerFault.exe	whkrvoa.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exewpaponjw.exewffet.exewxvmxd.exewbscwk.exewlahkjgd.exewlpkwcd.exewgfo.exewtfpkt.exewgrahmqvu.exewpy.exe

description	pid	process	target process
PID 2424 wrote to memory of 4564	2424	4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exe	wpaponjw.exe
PID 2424 wrote to memory of 4564	2424	4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exe	wpaponjw.exe
PID 2424 wrote to memory of 4564	2424	4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exe	wpaponjw.exe
PID 2424 wrote to memory of 3124	2424	4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exe	cmd.exe
PID 2424 wrote to memory of 3124	2424	4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exe	cmd.exe
PID 2424 wrote to memory of 3124	2424	4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exe	cmd.exe
PID 4564 wrote to memory of 5032	4564	wpaponjw.exe	wffet.exe
PID 4564 wrote to memory of 5032	4564	wpaponjw.exe	wffet.exe
PID 4564 wrote to memory of 5032	4564	wpaponjw.exe	wffet.exe
PID 4564 wrote to memory of 1584	4564	wpaponjw.exe	cmd.exe
PID 4564 wrote to memory of 1584	4564	wpaponjw.exe	cmd.exe
PID 4564 wrote to memory of 1584	4564	wpaponjw.exe	cmd.exe
PID 5032 wrote to memory of 1952	5032	wffet.exe	wxvmxd.exe
PID 5032 wrote to memory of 1952	5032	wffet.exe	wxvmxd.exe
PID 5032 wrote to memory of 1952	5032	wffet.exe	wxvmxd.exe
PID 5032 wrote to memory of 5056	5032	wffet.exe	cmd.exe
PID 5032 wrote to memory of 5056	5032	wffet.exe	cmd.exe
PID 5032 wrote to memory of 5056	5032	wffet.exe	cmd.exe
PID 1952 wrote to memory of 1244	1952	wxvmxd.exe	wbscwk.exe
PID 1952 wrote to memory of 1244	1952	wxvmxd.exe	wbscwk.exe
PID 1952 wrote to memory of 1244	1952	wxvmxd.exe	wbscwk.exe
PID 1952 wrote to memory of 4376	1952	wxvmxd.exe	cmd.exe
PID 1952 wrote to memory of 4376	1952	wxvmxd.exe	cmd.exe
PID 1952 wrote to memory of 4376	1952	wxvmxd.exe	cmd.exe
PID 1244 wrote to memory of 2948	1244	wbscwk.exe	wlahkjgd.exe
PID 1244 wrote to memory of 2948	1244	wbscwk.exe	wlahkjgd.exe
PID 1244 wrote to memory of 2948	1244	wbscwk.exe	wlahkjgd.exe
PID 1244 wrote to memory of 3940	1244	wbscwk.exe	cmd.exe
PID 1244 wrote to memory of 3940	1244	wbscwk.exe	cmd.exe
PID 1244 wrote to memory of 3940	1244	wbscwk.exe	cmd.exe
PID 2948 wrote to memory of 4812	2948	wlahkjgd.exe	wlpkwcd.exe
PID 2948 wrote to memory of 4812	2948	wlahkjgd.exe	wlpkwcd.exe
PID 2948 wrote to memory of 4812	2948	wlahkjgd.exe	wlpkwcd.exe
PID 2948 wrote to memory of 2288	2948	wlahkjgd.exe	cmd.exe
PID 2948 wrote to memory of 2288	2948	wlahkjgd.exe	cmd.exe
PID 2948 wrote to memory of 2288	2948	wlahkjgd.exe	cmd.exe
PID 4812 wrote to memory of 3944	4812	wlpkwcd.exe	wgfo.exe
PID 4812 wrote to memory of 3944	4812	wlpkwcd.exe	wgfo.exe
PID 4812 wrote to memory of 3944	4812	wlpkwcd.exe	wgfo.exe
PID 4812 wrote to memory of 5052	4812	wlpkwcd.exe	cmd.exe
PID 4812 wrote to memory of 5052	4812	wlpkwcd.exe	cmd.exe
PID 4812 wrote to memory of 5052	4812	wlpkwcd.exe	cmd.exe
PID 3944 wrote to memory of 3792	3944	wgfo.exe	wtfpkt.exe
PID 3944 wrote to memory of 3792	3944	wgfo.exe	wtfpkt.exe
PID 3944 wrote to memory of 3792	3944	wgfo.exe	wtfpkt.exe
PID 3944 wrote to memory of 5092	3944	wgfo.exe	cmd.exe
PID 3944 wrote to memory of 5092	3944	wgfo.exe	cmd.exe
PID 3944 wrote to memory of 5092	3944	wgfo.exe	cmd.exe
PID 3792 wrote to memory of 4660	3792	wtfpkt.exe	wgrahmqvu.exe
PID 3792 wrote to memory of 4660	3792	wtfpkt.exe	wgrahmqvu.exe
PID 3792 wrote to memory of 4660	3792	wtfpkt.exe	wgrahmqvu.exe
PID 3792 wrote to memory of 3280	3792	wtfpkt.exe	cmd.exe
PID 3792 wrote to memory of 3280	3792	wtfpkt.exe	cmd.exe
PID 3792 wrote to memory of 3280	3792	wtfpkt.exe	cmd.exe
PID 4660 wrote to memory of 956	4660	wgrahmqvu.exe	wpy.exe
PID 4660 wrote to memory of 956	4660	wgrahmqvu.exe	wpy.exe
PID 4660 wrote to memory of 956	4660	wgrahmqvu.exe	wpy.exe
PID 4660 wrote to memory of 1348	4660	wgrahmqvu.exe	cmd.exe
PID 4660 wrote to memory of 1348	4660	wgrahmqvu.exe	cmd.exe
PID 4660 wrote to memory of 1348	4660	wgrahmqvu.exe	cmd.exe
PID 956 wrote to memory of 2652	956	wpy.exe	wjhamnw.exe
PID 956 wrote to memory of 2652	956	wpy.exe	wjhamnw.exe
PID 956 wrote to memory of 2652	956	wpy.exe	wjhamnw.exe
PID 956 wrote to memory of 1248	956	wpy.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Windows\SysWOW64\wpaponjw.exe
  "C:\Windows\system32\wpaponjw.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4564
- - C:\Windows\SysWOW64\wffet.exe
    "C:\Windows\system32\wffet.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:5032
  - - C:\Windows\SysWOW64\wxvmxd.exe
      "C:\Windows\system32\wxvmxd.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1952
    - - C:\Windows\SysWOW64\wbscwk.exe
        
        "C:\Windows\system32\wbscwk.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1244
      - C:\Windows\SysWOW64\wlahkjgd.exe
        
        "C:\Windows\system32\wlahkjgd.exe"
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2948
        
        C:\Windows\SysWOW64\wlpkwcd.exe
        
        "C:\Windows\system32\wlpkwcd.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4812
        
        C:\Windows\SysWOW64\wgfo.exe
        
        "C:\Windows\system32\wgfo.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3944
        
        C:\Windows\SysWOW64\wtfpkt.exe
        
        "C:\Windows\system32\wtfpkt.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3792
        
        C:\Windows\SysWOW64\wgrahmqvu.exe
        
        "C:\Windows\system32\wgrahmqvu.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4660
        
        C:\Windows\SysWOW64\wpy.exe
        
        "C:\Windows\system32\wpy.exe"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:956
        
        C:\Windows\SysWOW64\wjhamnw.exe
        
        "C:\Windows\system32\wjhamnw.exe"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2652
        
        C:\Windows\SysWOW64\wjw.exe
        
        "C:\Windows\system32\wjw.exe"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3124
        
        C:\Windows\SysWOW64\wbo.exe
        
        "C:\Windows\system32\wbo.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3456
        
        C:\Windows\SysWOW64\wllgjnus.exe
        
        "C:\Windows\system32\wllgjnus.exe"
        15⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2956
        
        C:\Windows\SysWOW64\wdqf.exe
        
        "C:\Windows\system32\wdqf.exe"
        16⤵
        Executes dropped EXE
        
        PID:4040
        
        C:\Windows\SysWOW64\wtjoi.exe
        
        "C:\Windows\system32\wtjoi.exe"
        17⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:796
        
        C:\Windows\SysWOW64\wlonflrm.exe
        
        "C:\Windows\system32\wlonflrm.exe"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5108
        
        C:\Windows\SysWOW64\wvqoq.exe
        
        "C:\Windows\system32\wvqoq.exe"
        19⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2708
        
        C:\Windows\SysWOW64\wgtnkyg.exe
        
        "C:\Windows\system32\wgtnkyg.exe"
        20⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2948
        
        C:\Windows\SysWOW64\wcyi.exe
        
        "C:\Windows\system32\wcyi.exe"
        21⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5052
        
        C:\Windows\SysWOW64\wteguhsi.exe
        
        "C:\Windows\system32\wteguhsi.exe"
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5092
        
        C:\Windows\SysWOW64\wslbgdc.exe
        
        "C:\Windows\system32\wslbgdc.exe"
        23⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4404
        
        C:\Windows\SysWOW64\wblfidpjk.exe
        
        "C:\Windows\system32\wblfidpjk.exe"
        24⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Windows\SysWOW64\wjsw.exe
        
        "C:\Windows\system32\wjsw.exe"
        25⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4496
        
        C:\Windows\SysWOW64\wwyauvk.exe
        
        "C:\Windows\system32\wwyauvk.exe"
        26⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2772
        
        C:\Windows\SysWOW64\wywokl.exe
        
        "C:\Windows\system32\wywokl.exe"
        27⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:640
        
        C:\Windows\SysWOW64\wguobqy.exe
        
        "C:\Windows\system32\wguobqy.exe"
        28⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4816
        
        C:\Windows\SysWOW64\wbku.exe
        
        "C:\Windows\system32\wbku.exe"
        29⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4992
        
        C:\Windows\SysWOW64\wfarxaqm.exe
        
        "C:\Windows\system32\wfarxaqm.exe"
        30⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4772
        
        C:\Windows\SysWOW64\wrkdwtt.exe
        
        "C:\Windows\system32\wrkdwtt.exe"
        31⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1964
        
        C:\Windows\SysWOW64\wsbejlpyq.exe
        
        "C:\Windows\system32\wsbejlpyq.exe"
        32⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:316
        
        C:\Windows\SysWOW64\wbb.exe
        
        "C:\Windows\system32\wbb.exe"
        33⤵
        Executes dropped EXE
        
        PID:2588
        
        C:\Windows\SysWOW64\wbqkv.exe
        
        "C:\Windows\system32\wbqkv.exe"
        34⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3756
        
        C:\Windows\SysWOW64\wfbrdgy.exe
        
        "C:\Windows\system32\wfbrdgy.exe"
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4912
        
        C:\Windows\SysWOW64\wnbw.exe
        
        "C:\Windows\system32\wnbw.exe"
        36⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3004
        
        C:\Windows\SysWOW64\wan.exe
        
        "C:\Windows\system32\wan.exe"
        37⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4120
        
        C:\Windows\SysWOW64\wbntvt.exe
        
        "C:\Windows\system32\wbntvt.exe"
        38⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1888
        
        C:\Windows\SysWOW64\winx.exe
        
        "C:\Windows\system32\winx.exe"
        39⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3464
        
        C:\Windows\SysWOW64\wucpimre.exe
        
        "C:\Windows\system32\wucpimre.exe"
        40⤵
        Executes dropped EXE
        
        PID:396
        
        C:\Windows\SysWOW64\wecsjn.exe
        
        "C:\Windows\system32\wecsjn.exe"
        41⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2112
        
        C:\Windows\SysWOW64\widcswr.exe
        
        "C:\Windows\system32\widcswr.exe"
        42⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4916
        
        C:\Windows\SysWOW64\wbjaqe.exe
        
        "C:\Windows\system32\wbjaqe.exe"
        43⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:800
        
        C:\Windows\SysWOW64\wrthfp.exe
        
        "C:\Windows\system32\wrthfp.exe"
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4912
        
        C:\Windows\SysWOW64\wnkm.exe
        
        "C:\Windows\system32\wnkm.exe"
        45⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4856
        
        C:\Windows\SysWOW64\wml.exe
        
        "C:\Windows\system32\wml.exe"
        46⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1732
        
        C:\Windows\SysWOW64\wblal.exe
        
        "C:\Windows\system32\wblal.exe"
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5064
        
        C:\Windows\SysWOW64\wnvj.exe
        
        "C:\Windows\system32\wnvj.exe"
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2848
        
        C:\Windows\SysWOW64\wejltyirb.exe
        
        "C:\Windows\system32\wejltyirb.exe"
        49⤵
        Executes dropped EXE
        
        PID:4196
        
        C:\Windows\SysWOW64\wwucw.exe
        
        "C:\Windows\system32\wwucw.exe"
        50⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2688
        
        C:\Windows\SysWOW64\wfgq.exe
        
        "C:\Windows\system32\wfgq.exe"
        51⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5040
        
        C:\Windows\SysWOW64\wege.exe
        
        "C:\Windows\system32\wege.exe"
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:876
        
        C:\Windows\SysWOW64\wvmdddy.exe
        
        "C:\Windows\system32\wvmdddy.exe"
        53⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2708
        
        C:\Windows\SysWOW64\wbolmnkj.exe
        
        "C:\Windows\system32\wbolmnkj.exe"
        54⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4740
        
        C:\Windows\SysWOW64\wmmmfg.exe
        
        "C:\Windows\system32\wmmmfg.exe"
        55⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4856
        
        C:\Windows\SysWOW64\wvo.exe
        
        "C:\Windows\system32\wvo.exe"
        56⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2192
        
        C:\Windows\SysWOW64\wbeoip.exe
        
        "C:\Windows\system32\wbeoip.exe"
        57⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4404
        
        C:\Windows\SysWOW64\wkdtkqf.exe
        
        "C:\Windows\system32\wkdtkqf.exe"
        58⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2468
        
        C:\Windows\SysWOW64\wihnferv.exe
        
        "C:\Windows\system32\wihnferv.exe"
        59⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3240
        
        C:\Windows\SysWOW64\wuryewt.exe
        
        "C:\Windows\system32\wuryewt.exe"
        60⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1124
        
        C:\Windows\SysWOW64\wumhj.exe
        
        "C:\Windows\system32\wumhj.exe"
        61⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4564
        
        C:\Windows\SysWOW64\wqrdxq.exe
        
        "C:\Windows\system32\wqrdxq.exe"
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:528
        
        C:\Windows\SysWOW64\wrif.exe
        
        "C:\Windows\system32\wrif.exe"
        63⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3488
        
        C:\Windows\SysWOW64\wnxkei.exe
        
        "C:\Windows\system32\wnxkei.exe"
        64⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:820
        
        C:\Windows\SysWOW64\wmikbcd.exe
        
        "C:\Windows\system32\wmikbcd.exe"
        65⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1496
        
        C:\Windows\SysWOW64\wvioc.exe
        
        "C:\Windows\system32\wvioc.exe"
        66⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\wldfyn.exe
        
        "C:\Windows\system32\wldfyn.exe"
        67⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3832
        
        C:\Windows\SysWOW64\wfvy.exe
        
        "C:\Windows\system32\wfvy.exe"
        68⤵
        Drops file in System32 directory
        
        PID:5040
        
        C:\Windows\SysWOW64\wjhrfubap.exe
        
        "C:\Windows\system32\wjhrfubap.exe"
        69⤵
        Drops file in System32 directory
        
        PID:4308
        
        C:\Windows\SysWOW64\wjlijln.exe
        
        "C:\Windows\system32\wjlijln.exe"
        70⤵
        Drops file in System32 directory
        
        PID:4976
        
        C:\Windows\SysWOW64\wnmptvw.exe
        
        "C:\Windows\system32\wnmptvw.exe"
        71⤵
        Drops file in System32 directory
        
        PID:2960
        
        C:\Windows\SysWOW64\wamrlnphm.exe
        
        "C:\Windows\system32\wamrlnphm.exe"
        72⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4564
        
        C:\Windows\SysWOW64\wqteieqia.exe
        
        "C:\Windows\system32\wqteieqia.exe"
        73⤵
        Drops file in System32 directory
        
        PID:4896
        
        C:\Windows\SysWOW64\wuumrnbf.exe
        
        "C:\Windows\system32\wuumrnbf.exe"
        74⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\wduqsp.exe
        
        "C:\Windows\system32\wduqsp.exe"
        75⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4960
        
        C:\Windows\SysWOW64\wtbqov.exe
        
        "C:\Windows\system32\wtbqov.exe"
        76⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1196
        
        C:\Windows\SysWOW64\wuqqcooo.exe
        
        "C:\Windows\system32\wuqqcooo.exe"
        77⤵
        Checks computer location settings
        
        PID:1728
        
        C:\Windows\SysWOW64\wrlrpj.exe
        
        "C:\Windows\system32\wrlrpj.exe"
        78⤵
        Checks computer location settings
        
        PID:2212
        
        C:\Windows\SysWOW64\wqijo.exe
        
        "C:\Windows\system32\wqijo.exe"
        79⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\wexyyx.exe
        
        "C:\Windows\system32\wexyyx.exe"
        80⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4988
        
        C:\Windows\SysWOW64\wiahjhh.exe
        
        "C:\Windows\system32\wiahjhh.exe"
        81⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3096
        
        C:\Windows\SysWOW64\wdil.exe
        
        "C:\Windows\system32\wdil.exe"
        82⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:3700
        
        C:\Windows\SysWOW64\wydyemmvl.exe
        
        "C:\Windows\system32\wydyemmvl.exe"
        83⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1236
        
        C:\Windows\SysWOW64\wqkxb.exe
        
        "C:\Windows\system32\wqkxb.exe"
        84⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2592
        
        C:\Windows\SysWOW64\wtkgle.exe
        
        "C:\Windows\system32\wtkgle.exe"
        85⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:1968
        
        C:\Windows\SysWOW64\wdjkmfp.exe
        
        "C:\Windows\system32\wdjkmfp.exe"
        86⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4196
        
        C:\Windows\SysWOW64\whkrvoa.exe
        
        "C:\Windows\system32\whkrvoa.exe"
        87⤵
        Drops file in System32 directory
        
        PID:2924
        
        C:\Windows\SysWOW64\wqlv.exe
        
        "C:\Windows\system32\wqlv.exe"
        88⤵
        Drops file in System32 directory
        
        PID:4244
        
        C:\Windows\SysWOW64\wpayjh.exe
        
        "C:\Windows\system32\wpayjh.exe"
        89⤵
        Checks computer location settings
        
        PID:2488
        
        C:\Windows\SysWOW64\whgyep.exe
        
        "C:\Windows\system32\whgyep.exe"
        90⤵
        Drops file in System32 directory
        
        PID:1620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpayjh.exe"
        90⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqlv.exe"
        89⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whkrvoa.exe"
        88⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 1108
        88⤵
        Program crash
        
        PID:1536
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdjkmfp.exe"
        87⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtkgle.exe"
        86⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqkxb.exe"
        85⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wydyemmvl.exe"
        84⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdil.exe"
        83⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiahjhh.exe"
        82⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wexyyx.exe"
        81⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqijo.exe"
        80⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrlrpj.exe"
        79⤵
        
        PID:800
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuqqcooo.exe"
        78⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtbqov.exe"
        77⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wduqsp.exe"
        76⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuumrnbf.exe"
        75⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqteieqia.exe"
        74⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 1564
        74⤵
        Program crash
        
        PID:4844
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wamrlnphm.exe"
        73⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnmptvw.exe"
        72⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjlijln.exe"
        71⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjhrfubap.exe"
        70⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfvy.exe"
        69⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wldfyn.exe"
        68⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 1712
        68⤵
        Program crash
        
        PID:1424
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvioc.exe"
        67⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmikbcd.exe"
        66⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnxkei.exe"
        65⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrif.exe"
        64⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqrdxq.exe"
        63⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wumhj.exe"
        62⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuryewt.exe"
        61⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wihnferv.exe"
        60⤵
        
        PID:716
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkdtkqf.exe"
        59⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbeoip.exe"
        58⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 1536
        58⤵
        Program crash
        
        PID:4588
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvo.exe"
        57⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmmmfg.exe"
        56⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbolmnkj.exe"
        55⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvmdddy.exe"
        54⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wege.exe"
        53⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfgq.exe"
        52⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwucw.exe"
        51⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wejltyirb.exe"
        50⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnvj.exe"
        49⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wblal.exe"
        48⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wml.exe"
        47⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnkm.exe"
        46⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrthfp.exe"
        45⤵
        
        PID:2476
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbjaqe.exe"
        44⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\widcswr.exe"
        43⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wecsjn.exe"
        42⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wucpimre.exe"
        41⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\winx.exe"
        40⤵
        
        PID:820
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbntvt.exe"
        39⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wan.exe"
        38⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnbw.exe"
        37⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfbrdgy.exe"
        36⤵
        
        PID:3564
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbqkv.exe"
        35⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbb.exe"
        34⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsbejlpyq.exe"
        33⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrkdwtt.exe"
        32⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfarxaqm.exe"
        31⤵
        
        PID:1228
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbku.exe"
        30⤵
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 1104
        30⤵
        Program crash
        
        PID:3288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wguobqy.exe"
        29⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wywokl.exe"
        28⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwyauvk.exe"
        27⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjsw.exe"
        26⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wblfidpjk.exe"
        25⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wslbgdc.exe"
        24⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wteguhsi.exe"
        23⤵
        
        PID:4040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcyi.exe"
        22⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgtnkyg.exe"
        21⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvqoq.exe"
        20⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlonflrm.exe"
        19⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 1396
        19⤵
        Program crash
        
        PID:5060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtjoi.exe"
        18⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 536
        18⤵
        Program crash
        
        PID:4388
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdqf.exe"
        17⤵
        
        PID:528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wllgjnus.exe"
        16⤵
        
        PID:2984
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbo.exe"
        15⤵
        
        PID:628
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjw.exe"
        14⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjhamnw.exe"
        13⤵
        
        PID:1852
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpy.exe"
        12⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgrahmqvu.exe"
        11⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 768
        11⤵
        Program crash
        
        PID:1932
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtfpkt.exe"
        10⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgfo.exe"
        9⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlpkwcd.exe"
        8⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlahkjgd.exe"
        7⤵
        
        PID:2288
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbscwk.exe"
        6⤵
        
        PID:3940
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxvmxd.exe"
        5⤵
        
        PID:4376
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wffet.exe"
      4⤵
      PID:5056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 1088
      4⤵
      Program crash
      PID:4176
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpaponjw.exe"
    3⤵
    PID:1584
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 1692
    3⤵
    - Program crash
    PID:4248
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\4d3a867c1ce25b918dc4fa45136a2b40_NeikiAnalytics.exe"
  2⤵
  PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4564 -ip 4564
1⤵
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5032 -ip 5032
1⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4660 -ip 4660
1⤵
PID:2192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 4660 -ip 4660
1⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 796 -ip 796
1⤵
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5108 -ip 5108
1⤵
PID:544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4992 -ip 4992
1⤵
PID:3048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4404 -ip 4404
1⤵
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 3832 -ip 3832
1⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4896 -ip 4896
1⤵
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 2924 -ip 2924
1⤵
PID:2040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6TQEXKX3\install[2].htm

Filesize
7KB

MD5
9463ba07743e8a9aca3b55373121b7c5

SHA1
4fdd121b2d2afd98881ab4cdb2d2a513ff5bb26f

SHA256
d5319a00eb7542e02c1e76cb20e2073c0411cd918e32094bc66f9147a0bfae6d

SHA512
6a1a97f37a5e607a3dc7f5fae343911a7f75d371a34ec27deb2971ee47388891f001d80959d37609d1c909af1674b4962da739e8a2cfce07e3d2ce6abf0c6ad7

Download Submit
C:\Windows\SysWOW64\wbb.exe

Filesize
317KB

MD5
ede6a67cfab7a979d113921bea4f72c4

SHA1
5a76ab9b5381836c2e1d4d1c64ba109d3732efe9

SHA256
18d7554ea6ef93ed888529069688e6528cfe40de20fd531e916b6023fe5d216b

SHA512
beb127d09f127a91d99c6034a0fb7c9e21adf09a3ad8c23cfc32ff75d40d16b7ffc3b405b83c3ffc2f444896f17eacf19382ec31d990b6a2189b79c3925fae1e

Download Submit
C:\Windows\SysWOW64\wbku.exe

Filesize
317KB

MD5
60d9848db17a433d809fd86048e8fc62

SHA1
5cc8466a5b2ec53318e9044e9f394ea3be02f801

SHA256
4914d88193b35b4eba5a817e37baf513b62324dc1512888b4510ca7390785ffa

SHA512
0e6fd974ef33289bca6ff16d9a9d86a948c76d6f4659f5bc3fefbb3df36fe7e68dd0ff607a8e7b1280d574dd80545287e96662ea270c45046e426a2cf23d0468

Download Submit
C:\Windows\SysWOW64\wblfidpjk.exe

Filesize
317KB

MD5
203ca6f2c0522b07c7ded4f59f8740d7

SHA1
957f6d5541e5379853c033b39f265bdad04726fd

SHA256
c87b09f7c9e83ed30a2f080af2a2324af7db41ec86ad165d7effbc91bd1b2b30

SHA512
d9d6f2bc4afbc1e6542ab30fe38f6a09471897c1a1f73f5a32c30d73cafcf76f30bb70484bd47c0ef8d6675dc2ea0d99ec3496397b410c293550cbaece5cf507

Download Submit
C:\Windows\SysWOW64\wbo.exe

Filesize
317KB

MD5
7db73852722e8b0920d9bad5c57f32a9

SHA1
a23692e70d9c335b51f1d69a86a9bafbb4a5d0cb

SHA256
d4982bb4f855ad4b9f13a93c59e99a96f21c541322c9e77a4c33a28fcb0cb943

SHA512
4da553dfdbc15280e02e4e8a632fed726e67affc75b74715902fc14709e73aabbca44a6438c16d2e9b22be3b83ccb4a14d42d86252e827c030daff53365d5ba7

Download Submit
C:\Windows\SysWOW64\wbscwk.exe

Filesize
316KB

MD5
f29ab80b61538340a9a4a7f7be22b647

SHA1
5589c175f4d57305037ff2cea1ec31d7de275ba3

SHA256
3f711adf014186450bbe64111bb78d6cd75a68a9cfe792b0de33767a1591131b

SHA512
75544b7a54334315c8ca908b4d0b126b6f7ea6a863c7297246dd07f6bae706ad03d3075e178d3945cab0cef42e2e54b083b31dcb64ecc6d2528928c0d1bee302

Download Submit
C:\Windows\SysWOW64\wcyi.exe

Filesize
317KB

MD5
efcb3aeead3db720bf5c2b8f121a8d1c

SHA1
a17ded6d2a598dd78e493ad2403ddba36c04c37a

SHA256
e10aa724375b1b9ee5bc744da14805542dd9aab839b4bfa38f887ad4c8d7c357

SHA512
6e1c3c392495cd28fbb8d75eb53e24c56e5cdc5ff30b522e2ee797614928d3e15d99f8db5107fbcd411b716fa53f903bb1b62bb05d6c1c96307b3f31c94fadda

Download Submit
C:\Windows\SysWOW64\wdqf.exe

Filesize
317KB

MD5
7628cf805423f3fdc8ab02b99154b968

SHA1
4b640f79f634c1279db06d92af7224ab251781e1

SHA256
521b4fb666792a86e64eb78b6e804402c09ae4c7d517ed7a3b9fce27ed7582fe

SHA512
472da57f91877080b9575c30135a90dbf7c7c1bd0e056b51c961775cd8bc543a1c4802a9566070a0744221e79040f10533b4d1cc142242a17d0e1cc4efbbe17d

Download Submit
C:\Windows\SysWOW64\wfarxaqm.exe

Filesize
317KB

MD5
f265d4f0745fb3ec94658d516f83d63d

SHA1
43dab28f720e99fe8b22d27abb1c563d9f632d65

SHA256
8442073760991f5f472952f3f3a45ccee4e999b8f28c21f366275bf3cab38d9e

SHA512
baa6d62a780294606af6c2ecd22611a0a9ec3f1b7be6846d5cee223d6958118b0473340a79daf0e5694d401fd880a83e757f80f008356b59ba7a0535251c8395

Download Submit
C:\Windows\SysWOW64\wffet.exe

Filesize
316KB

MD5
b1d7b30ab2f0924c42ac7f457d1a647c

SHA1
71a4458cdd82cf9c7d67a60afe063e7fc4290644

SHA256
23f66b83fe22a170cbf0f8b480706b2b155c7fc967a12acadb2e28348af783c5

SHA512
00adec4f27453f2082e1f5a70aeec62fb7bde6cc46a3b5c62e2b5fbaf0176e98c25963e3094462e611476f72fceb5afe883746de5b4229929e6f4db3e78b7240

Download Submit
C:\Windows\SysWOW64\wgfo.exe

Filesize
316KB

MD5
e89bcce32df63629ebd8b07cccdd3798

SHA1
2df8c23c1da75c515a4cfc3b0d4ff86c167ac4b3

SHA256
76c081caaccd4723abcf950a5030512fa3f82f541ca5dc20411aacbea7009348

SHA512
68b66de6794782bd6d7cbcd4c8e024794b4acb1d397bf3cdf0596d3beb98753084f478e1e65e36bdada5b018969b0f3933c34443ab3b897825ae93cbc02bcb69

Download Submit
C:\Windows\SysWOW64\wgrahmqvu.exe

Filesize
316KB

MD5
98029420a09d7c7c67bd1478978a6cc3

SHA1
2f65a1d872c4c6c5e7ddee04dbc8a714f266c3b8

SHA256
a5546fee3b581b0e990c0f46a5cb9d049033890b8bf1de6b9fb25cd95f9f30ca

SHA512
3f165dcf784e44f38afde1858e01e19c1e1a94ba49e055b1401534c47fc6f9f539287b4f4a8decd2cb1eba99d94a8186caa2ea2c3a4107c05c4e8d8c6dbda986

Download Submit
C:\Windows\SysWOW64\wgtnkyg.exe

Filesize
317KB

MD5
01b0051e57eea37a65770f825ad14313

SHA1
98da994cd9ab80ea8dcee45f694deaf6cf5e9881

SHA256
4a552fb07d50d1530157b174aaa4359114501713b90023f5fd1401a50d347df6

SHA512
d1990526f3238a98de790de8bb99cbd47854474367b775125a79f6628b8014ffceeeb4fa6eec8055cf46824953f5cfa0c7fb9ac98e9569f8be6bd5e67527433f

Download Submit
C:\Windows\SysWOW64\wguobqy.exe

Filesize
317KB

MD5
96600f76f5d36bf1bb7c7cc6d3efa468

SHA1
5212025d1cbe6bd1a7c1996ccaab1469198663fd

SHA256
ffb2123ec2294a8ee9ab80e751c3d081b819898cc047e3b76d245f1d018f710b

SHA512
0f1577a56b66538286395d4d690091e55f160e739cc8f6866bd9a8099b7386993edc989ed38c17c8762068ed78e561d095f66ab8bc2798621aa82fbf6d85a3cf

Download Submit
C:\Windows\SysWOW64\wjhamnw.exe

Filesize
316KB

MD5
75d1d3bf988f2741a224c004514c8862

SHA1
4baedcd1b772d7c5e450eb0386d63ce2c017cf28

SHA256
64c294024a1c1282576cabc6e95e73765269808d1d3d7a96eb5d25287d74d868

SHA512
f1dde8f339e2e90346f0201164a12905dc43ce80666497b01f2e4541fa5461a8af92210cf9803a8834c28b874fde766f7717a7e5c1db0656a58cf96ed91ddea6

Download Submit
C:\Windows\SysWOW64\wjsw.exe

Filesize
317KB

MD5
5620ccc14523de70048e2eccd444a979

SHA1
0a5cd33a998aa50a36a0d5b159db014538db06d1

SHA256
7278402defad8bbd579fce46df3850c0a903b75b3aba799e20dfd844c72f2914

SHA512
55b3c666201be1ff9152dfac19dac8d9fd0475265fc6297f03e7c2f104f7d72b7603aa247fd666d74277f431733fdd06cb17e3b000f717d057aac8f4eea4d765

Download Submit
C:\Windows\SysWOW64\wjw.exe

Filesize
317KB

MD5
b0f4bbbf52f21ab90b34e895051df9d6

SHA1
f2b1d53fc9e126b44eb6c5770da7d53c75c7861e

SHA256
e4da15fdc0a39707f2bfb8126674875aafb3f0e3177422f9438268091a1efb8d

SHA512
e2d87616c5d34fe8b54565834d8b5918f71bc842057f5583b4427a93d8f5b6171eb849d6e41eb710baa1cd70f202593858f24da671d894e33d36ea5cd56365fe

Download Submit
C:\Windows\SysWOW64\wlahkjgd.exe

Filesize
316KB

MD5
ef9feb394e593ea26905d3f1e2b081d9

SHA1
d87a24b3d8eba8a23602d0f464cc1631555d7b7b

SHA256
5be2c7775fe8ec07619b05080e75e63c4fda913ac593bc80753b399e2baaa8ba

SHA512
dd833837dac4127dfeececfacc141aca10341ee1bac412bfc4e0c71f31c20ad3adf7ab13308d525a725e77d8ebb671d8754ad57cc8658e4eff79456d8d72a2c1

Download Submit
C:\Windows\SysWOW64\wllgjnus.exe

Filesize
317KB

MD5
76b295176e86ab52e3442673101189bd

SHA1
0a643c066ac03a082feeaf6f58f2829410cce2a7

SHA256
3fca0e3bec6ffdc727d1e6889f69c62c9c2b315508733ddd1afe69295b61165d

SHA512
6e4d7e8e3e037c7d19a59649cdfc2438577b7d889ab2f15f859e5ee20f5e4afa554e4f30bfb5289f0a7d082e403d22c488c6b2d203c4c47c6b53630ce4b3bd73

Download Submit
C:\Windows\SysWOW64\wlonflrm.exe

Filesize
317KB

MD5
2d849d0d676a8555d4aedd37e4948f60

SHA1
75412e5513c736686c1eebd1f75a502bac47984e

SHA256
73045398d647e8adcdce8e856299bae2d9aacf5955a173b2695dc07679530519

SHA512
4c06783857849147c426c957a9b5e4d45e18dc1bd9bf7ede7eb4b6b96410f7b9502cef155fe3f9c4ae9b34cb663814a26029ed36ecc329d21dca66fb28d7aa46

Download Submit
C:\Windows\SysWOW64\wlpkwcd.exe

Filesize
316KB

MD5
232dc861ec2c2fdd24e4da53f3421bad

SHA1
001cafb01c3e07e3a7ded00c65fc08ba5e4c6ede

SHA256
3e138c50b86f958703b448322723ba5bea6fd71ea060b90c3221f9002a291088

SHA512
267d2f7e71affa9667099011f92e740e5ac876837c9da820d605e96353d6aaf3daf6d83b8c7f4374182e33951553ee89fa89600bc6a9e271a4451374a2a7382e

Download Submit
C:\Windows\SysWOW64\wpaponjw.exe

Filesize
316KB

MD5
866eb57af756250c5dd9cfec790f49db

SHA1
4b70f04d0657018f2335a5de1d102594c48d33ec

SHA256
cb375e9e14e564c6889f42f030fa968530d77637bf95621d52b8506810376d0d

SHA512
890e6a1fd1992285af0105b3660b7a64ff3e7fca1ebf643d6a87f7c4d84d07f90d3292d90b3e4537d0cb10d9144f07915efe0faa96e05135cf4c82bb7e2604dc

Download Submit
C:\Windows\SysWOW64\wpy.exe

Filesize
316KB

MD5
f302c586b337777183ba383bf79bf54c

SHA1
1c4039953780a00ab9e74ef6bd5d028913f5d582

SHA256
698b1b5939e4b4c0616888343fd83542156d5163175cc37dbcbd724f0924fb60

SHA512
8762fc987c4982054bf93c06c48026f723ee121f10d66f5244502d0d9bb84bfd2c9508b2423715f13c3ba5df007e94d832d6fcfe219604fb3bd26d260974fb16

Download Submit
C:\Windows\SysWOW64\wrkdwtt.exe

Filesize
317KB

MD5
e801c07b1fbb7f8e934a0d95ff4b357d

SHA1
5ac2389f013bb72374695b6a72a28b62d41e4f95

SHA256
eabe97958beb41933f7c1dd430685fc1d983d6baabcd90a225db6dfad032aedd

SHA512
f32d5d556325158fc8a6cbdbce61306994594b5eaa31b804d350993b4eb0c21fd54b3a191306c6b2366db8721ed47b017cff667cb49ce996099344a7e27af59b

Download Submit
C:\Windows\SysWOW64\wsbejlpyq.exe

Filesize
317KB

MD5
2c6e4501c1f86e47a6bcab3254590cec

SHA1
52d8e78529bee5d085b3bbe7bb9151d49aaf4aa3

SHA256
bebd578c3c781a87736486da9667037a7210292bdf4cda90ced5ad5659c972f3

SHA512
d7f036dad7067354579040b4bd474debf564b4f2f483b26c09581700dbc6b4181ff47b2e02b6854a110390d29fae1484ead246a35129969b7748bf0479b40f60

Download Submit
C:\Windows\SysWOW64\wslbgdc.exe

Filesize
317KB

MD5
8d4a1f5a15ef9188acf290fc885cb83a

SHA1
0f4af741931e816fb6c82e6f42d638d2aebdc1d7

SHA256
0b6e3d4f46265c655d16e0321fe3e88fbb52ad31ff544b767c534830ad74fa7f

SHA512
c353b08ded8db480ad513b6fe379d4567ad4c5f5549c8757323a6cacef24adc97b98fdd4b916b7427eb6b6ab7330338150cd358b35ebaf77f923e61415aa7b16

Download Submit
C:\Windows\SysWOW64\wteguhsi.exe

Filesize
317KB

MD5
805f52c504cba839169bf3a7368b1478

SHA1
67b6335cf4c8a433e41b62357f83e30b7d5c68a7

SHA256
6b0894aeedb836c066586a6264936eb6f4b597340b86352338bddc6653b64d09

SHA512
4a7b3fa2f8fd921ef28948d87b4037c0ca0da48d42d8613f0e9644063640967671c2267a32f69ce84d8c11b25faaef6a733dda7e63ac41eb0f24ab012896f157

Download Submit
C:\Windows\SysWOW64\wtfpkt.exe

Filesize
316KB

MD5
ef3e6e1c0f038ec72c42d49c3fd76b37

SHA1
2102b5a32494f0dbe96aaa600929e9590818c36d

SHA256
220848a6c95903eb4da55dc620e396b103d280f7b316867e432a7a31048db62d

SHA512
0f5f8779db387afeac134619a3bfc785b6b64e11abe77087585b89a83f3c98af3188908339f28fb9d92be850e857da7c34a19aa9345f2cc5f7d14bade4897a9f

Download Submit
C:\Windows\SysWOW64\wtjoi.exe

Filesize
317KB

MD5
082a601e745c002104aa5a408572a112

SHA1
378ee90fe77b9be13dbcafbca0d0b1f28d214256

SHA256
3a98a19df6e1e518a31d166225822320aa38650cfabac269bafd6a461b9aa5d7

SHA512
d5fd1dac7ac0ac75b97977d205a7b6c7cc047af5bece970afde8031c864bc222c8c19217b18b955429ad81c15e6fee2d8ceca5206b4426e86cca481fe79a12a4

Download Submit
C:\Windows\SysWOW64\wvqoq.exe

Filesize
317KB

MD5
29e24ca6e593f06da01d8f23d2464843

SHA1
1c7cabeb0c4d26cbed820b47518b9be86d96b526

SHA256
0ca33df9415a7b09b25c5a1614a0d6e944071c33fd55d08a7a94d2410a53d613

SHA512
87a673370d7173faffcc2aac4bc297ad916334cef3504c54bd878ec7a0eae5f60548546e9b0aac7c96970993811bf8334663acb30069629fc452aa03e1aa1709

Download Submit
C:\Windows\SysWOW64\wwyauvk.exe

Filesize
317KB

MD5
fb06f7bad977030937d88084de41a850

SHA1
28e0db1be0edc83d5372c077253368920d6ef004

SHA256
b767a900243d4815a37e7c296a074f38e492cbcbf14feaaaf714ea04b8941a3a

SHA512
aa395cab95766f80c11e13a235a92f447c50f6393b77c3e5123ccf633c349b6d7b0354560a7eee63ba6ad5996b85ad91335314f05750ddc2c144e64f5caedc03

Download Submit
C:\Windows\SysWOW64\wxvmxd.exe

Filesize
316KB

MD5
68a25822a08131983cf6f2c5d23c2708

SHA1
1ca95cb8ee34901665f0a6a2eabd0a021ebf24d1

SHA256
c127adea521116f3f668dfe3d276353353fddabe05d99ca3595988d6ec38fa09

SHA512
99662f69b89c4d5a1cde0c376c965ee752908e501ff228802e7fe0e2f2eed233967269b5eba39c7d280dd2b177d01d36a7c7e1f7c7e9be29eb1b80471612028a

Download Submit
C:\Windows\SysWOW64\wywokl.exe

Filesize
317KB

MD5
66776142e102f5062c60bf062518f6f1

SHA1
5651948140bb35535d83fdbb075958b0bd62c6eb

SHA256
a8b83baf396be8d87fb9aadde885639954605d9b1b0f0825e237197a5baa37ed

SHA512
0ff90478dd9d124192281a164eaa10975a995cb426275bb5c2fe832f4b70c19a0a5d871155f04c88cddb5fbddd67ce674773f5aeee35c190b387a3de3be5257f

Download Submit
memory/316-336-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/396-401-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/528-587-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/640-284-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/796-176-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/800-427-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/820-606-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/820-596-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/876-494-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/876-503-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/956-114-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1124-571-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1244-52-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1496-615-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1496-605-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1732-453-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1732-444-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1888-385-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1952-42-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1952-31-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1964-325-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1964-314-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2044-252-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2044-240-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2112-410-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2132-623-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2132-614-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2192-529-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2192-539-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2424-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2424-11-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2468-555-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2588-335-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2588-344-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2652-125-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2688-486-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2708-197-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2708-512-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2708-186-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2772-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2772-263-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2848-469-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2948-208-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2948-62-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2956-156-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3004-368-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3124-136-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3124-124-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3240-563-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3456-146-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3456-135-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3464-393-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3488-597-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3756-352-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3792-83-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3792-94-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3832-631-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3944-84-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4040-166-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4120-377-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4120-369-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4196-477-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4308-639-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4404-547-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4404-241-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4404-538-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4404-228-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4496-251-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4496-264-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4564-579-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4564-21-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4564-10-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4660-104-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4740-511-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4740-521-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4772-315-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4812-72-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4816-294-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4856-435-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4856-520-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4856-530-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4856-445-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4912-426-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4912-436-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4912-360-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4916-409-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4916-418-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4992-304-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5032-32-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5040-495-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5040-485-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5052-218-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5052-207-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5064-461-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5092-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5108-187-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download