93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 00:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe
Size

93KB
MD5

565f6ac5f84bc7f85552f9235e6f6c6d
SHA1

e36f88ed23ba029715f73743667db83cc56d3cc2
SHA256

93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a
SHA512

ac12e1eabdd017fc337cda3e33b3adb6a38bc768ee6238811b763d49ee2d3e36d9479f1be412944542d95c7406e194f0d4bc511c3a9fbe565a085363f29f3ad5
SSDEEP

1536:xch3vwSbax3rHV6+HwsWGhG5JiBzQmVvHz:BHTrhWiBzQK

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2960	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
1956	whunv.exe
2556	wkv.exe
2868	wkgvbp.exe
2024	wbnup.exe
2300	wproqurh.exe
784	wgkvk.exe
2496	wwdee.exe
112	wabd.exe
1804	wptnfgf.exe
2684	wxdr.exe
3032	wrhhd.exe
1540	wyqnic.exe
1452	whrrak.exe
2012	wefmrlrwk.exe
2120	wiwj.exe
1868	wkyrmtv.exe
676	wqlg.exe
1912	wtcdft.exe
2252	wgbybuxs.exe
1804	whdgdlg.exe
2612	wxleqb.exe
2880	wbywxs.exe
2036	wiopjb.exe
3044	wkdiqu.exe
264	wqelid.exe
2476	wdmo.exe
820	wkace.exe
2272	wjrehi.exe
2484	whto.exe
2424	wkhhwakm.exe
2132	wryb.exe
2932	wtahjas.exe
1328	wfydhb.exe
1288	whoa.exe
2300	wrbkrs.exe
1812	wvsi.exe
2416	wgqdhm.exe
1652	wjskid.exe
1616	wmkhc.exe
2676	woxajmbr.exe
2536	wvpt.exe
2788	wureet.exe
1592	wpjjpcv.exe
900	wuw.exe
1952	wcjlotmd.exe
352	wbbnqs.exe
1936	weeur.exe
1012	wwvyd.exe
1792	wwal.exe
2448	wqrq.exe
2440	wgohmsk.exe
2700	weghp.exe
2424	wmhmh.exe
1828	wkkx.exe
1236	wsmc.exe
2512	wlffu.exe
1040	wvcbrtd.exe
484	wyfirj.exe
1700	wkf.exe
1988	wri.exe
2488	wxubrcfq.exe
2924	wblymsc.exe
1204	wmjsiumjd.exe
768	wsan.exe

Loads dropped DLL 64 IoCs

pid	Process
1752	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe
1752	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe
1752	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe
1752	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe
1956	whunv.exe
1956	whunv.exe
1956	whunv.exe
1956	whunv.exe
2556	wkv.exe
2556	wkv.exe
2556	wkv.exe
2556	wkv.exe
2868	wkgvbp.exe
2868	wkgvbp.exe
2868	wkgvbp.exe
2868	wkgvbp.exe
2024	wbnup.exe
2024	wbnup.exe
2024	wbnup.exe
2024	wbnup.exe
2300	wproqurh.exe
2300	wproqurh.exe
2300	wproqurh.exe
2300	wproqurh.exe
784	wgkvk.exe
784	wgkvk.exe
784	wgkvk.exe
784	wgkvk.exe
2496	wwdee.exe
2496	wwdee.exe
2496	wwdee.exe
2496	wwdee.exe
112	wabd.exe
112	wabd.exe
112	wabd.exe
112	wabd.exe
1804	wptnfgf.exe
1804	wptnfgf.exe
1804	wptnfgf.exe
1804	wptnfgf.exe
2684	wxdr.exe
2684	wxdr.exe
2684	wxdr.exe
2684	wxdr.exe
3032	wrhhd.exe
3032	wrhhd.exe
3032	wrhhd.exe
3032	wrhhd.exe
1540	wyqnic.exe
1540	wyqnic.exe
1540	wyqnic.exe
1540	wyqnic.exe
1452	whrrak.exe
1452	whrrak.exe
1452	whrrak.exe
1452	whrrak.exe
2012	wefmrlrwk.exe
2012	wefmrlrwk.exe
2012	wefmrlrwk.exe
2012	wefmrlrwk.exe
2120	wiwj.exe
2120	wiwj.exe
2120	wiwj.exe
2120	wiwj.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wodxefil.exe	wip.exe
File created	C:\Windows\SysWOW64\wrlcg.exe	wojvel.exe
File created	C:\Windows\SysWOW64\wwfpyww.exe	wwnou.exe
File created	C:\Windows\SysWOW64\wacemrtk.exe	wpfjpp.exe
File opened for modification	C:\Windows\SysWOW64\wxasig.exe	wehmwa.exe
File created	C:\Windows\SysWOW64\wvfxvjeyi.exe	wcoskbohb.exe
File created	C:\Windows\SysWOW64\whunv.exe	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe
File opened for modification	C:\Windows\SysWOW64\wiwj.exe	wefmrlrwk.exe
File opened for modification	C:\Windows\SysWOW64\wxubrcfq.exe	wri.exe
File opened for modification	C:\Windows\SysWOW64\wkv.exe	whunv.exe
File created	C:\Windows\SysWOW64\wkdiqu.exe	wiopjb.exe
File created	C:\Windows\SysWOW64\wlpjaa.exe	wfdtbp.exe
File created	C:\Windows\SysWOW64\wxkcvxooh.exe	wqiyeodlw.exe
File created	C:\Windows\SysWOW64\wpkegac.exe	wniwgjtk.exe
File opened for modification	C:\Windows\SysWOW64\wiqpjdbu.exe	wgnhimsh.exe
File created	C:\Windows\SysWOW64\wraaog.exe	wlpjaa.exe
File opened for modification	C:\Windows\SysWOW64\wbbhjga.exe	wcxvahxmp.exe
File created	C:\Windows\SysWOW64\wproqurh.exe	wbnup.exe
File opened for modification	C:\Windows\SysWOW64\wefmrlrwk.exe	whrrak.exe
File opened for modification	C:\Windows\SysWOW64\wodxefil.exe	wip.exe
File created	C:\Windows\SysWOW64\wbqdwi.exe	wtpafax.exe
File opened for modification	C:\Windows\SysWOW64\wys.exe	wpcteii.exe
File opened for modification	C:\Windows\SysWOW64\wvfxvjeyi.exe	wcoskbohb.exe
File opened for modification	C:\Windows\SysWOW64\wfukqgt.exe	wgsahgpq.exe
File opened for modification	C:\Windows\SysWOW64\whunv.exe	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe
File created	C:\Windows\SysWOW64\wwal.exe	wwvyd.exe
File created	C:\Windows\SysWOW64\wmhmh.exe	weghp.exe
File opened for modification	C:\Windows\SysWOW64\wlx.exe	wakt.exe
File opened for modification	C:\Windows\SysWOW64\wrkcs.exe	wljxbgnjp.exe
File opened for modification	C:\Windows\SysWOW64\wabd.exe	wwdee.exe
File opened for modification	C:\Windows\SysWOW64\wbywxs.exe	wxleqb.exe
File opened for modification	C:\Windows\SysWOW64\wqrq.exe	wwal.exe
File opened for modification	C:\Windows\SysWOW64\wmyqs.exe	wfjxgelxj.exe
File opened for modification	C:\Windows\SysWOW64\wlc.exe	wmyqs.exe
File opened for modification	C:\Windows\SysWOW64\wrtj.exe	wbcb.exe
File opened for modification	C:\Windows\SysWOW64\wkleuifeu.exe	wlhsli.exe
File created	C:\Windows\SysWOW64\wavruiil.exe	wvgubq.exe
File opened for modification	C:\Windows\SysWOW64\wbnup.exe	wkgvbp.exe
File created	C:\Windows\SysWOW64\wtahjas.exe	wryb.exe
File created	C:\Windows\SysWOW64\wvcbrtd.exe	wlffu.exe
File created	C:\Windows\SysWOW64\wxubrcfq.exe	wri.exe
File opened for modification	C:\Windows\SysWOW64\wssinc.exe	wiivid.exe
File created	C:\Windows\SysWOW64\wpcteii.exe	wsxithfid.exe
File opened for modification	C:\Windows\SysWOW64\wvyxvh.exe	womjvwmax.exe
File opened for modification	C:\Windows\SysWOW64\wpcwjhv.exe	wqynahrp.exe
File opened for modification	C:\Windows\SysWOW64\wkgvbp.exe	wkv.exe
File created	C:\Windows\SysWOW64\wqelid.exe	wkdiqu.exe
File created	C:\Windows\SysWOW64\wpjjpcv.exe	wureet.exe
File opened for modification	C:\Windows\SysWOW64\wwnou.exe	wrmke.exe
File opened for modification	C:\Windows\SysWOW64\wmmmvanq.exe	wkleuifeu.exe
File created	C:\Windows\SysWOW64\wjduhr.exe	whamfbr.exe
File opened for modification	C:\Windows\SysWOW64\wigfq.exe	wjduhr.exe
File opened for modification	C:\Windows\SysWOW64\wqynahrp.exe	wkwihyho.exe
File opened for modification	C:\Windows\SysWOW64\wmhmh.exe	weghp.exe
File opened for modification	C:\Windows\SysWOW64\wmuiy.exe	wndh.exe
File opened for modification	C:\Windows\SysWOW64\wpkegac.exe	wniwgjtk.exe
File opened for modification	C:\Windows\SysWOW64\wiliahtk.exe	wajghyhi.exe
File opened for modification	C:\Windows\SysWOW64\wmjawiv.exe	wckfagluh.exe
File created	C:\Windows\SysWOW64\wefmrlrwk.exe	whrrak.exe
File opened for modification	C:\Windows\SysWOW64\wwal.exe	wwvyd.exe
File created	C:\Windows\SysWOW64\wyfirj.exe	wvcbrtd.exe
File opened for modification	C:\Windows\SysWOW64\wltucg.exe	wfgfdw.exe
File opened for modification	C:\Windows\SysWOW64\wyqnic.exe	wrhhd.exe
File opened for modification	C:\Windows\SysWOW64\wbsynfph.exe	wmuiy.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 11 IoCs

pid	pid_target	Process	procid_target
2772	2740	WerFault.exe	354
2788	2584	WerFault.exe	391
2800	2528	WerFault.exe	422
1828	2120	WerFault.exe	432
1928	2512	WerFault.exe	490
1044	2880	WerFault.exe	554
2476	1356	WerFault.exe	582
1292	2488	WerFault.exe	613
2060	2924	WerFault.exe	623
2988	1832	WerFault.exe	648
1316	1576	WerFault.exe	715

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1956	1752	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe	28
PID 1752 wrote to memory of 1956	1752	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe	28
PID 1752 wrote to memory of 1956	1752	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe	28
PID 1752 wrote to memory of 1956	1752	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe	28
PID 1752 wrote to memory of 2960	1752	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe	29
PID 1752 wrote to memory of 2960	1752	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe	29
PID 1752 wrote to memory of 2960	1752	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe	29
PID 1752 wrote to memory of 2960	1752	93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe	29
PID 1956 wrote to memory of 2556	1956	whunv.exe	31
PID 1956 wrote to memory of 2556	1956	whunv.exe	31
PID 1956 wrote to memory of 2556	1956	whunv.exe	31
PID 1956 wrote to memory of 2556	1956	whunv.exe	31
PID 1956 wrote to memory of 2204	1956	whunv.exe	32
PID 1956 wrote to memory of 2204	1956	whunv.exe	32
PID 1956 wrote to memory of 2204	1956	whunv.exe	32
PID 1956 wrote to memory of 2204	1956	whunv.exe	32
PID 2556 wrote to memory of 2868	2556	wkv.exe	34
PID 2556 wrote to memory of 2868	2556	wkv.exe	34
PID 2556 wrote to memory of 2868	2556	wkv.exe	34
PID 2556 wrote to memory of 2868	2556	wkv.exe	34
PID 2556 wrote to memory of 1528	2556	wkv.exe	35
PID 2556 wrote to memory of 1528	2556	wkv.exe	35
PID 2556 wrote to memory of 1528	2556	wkv.exe	35
PID 2556 wrote to memory of 1528	2556	wkv.exe	35
PID 2868 wrote to memory of 2024	2868	wkgvbp.exe	37
PID 2868 wrote to memory of 2024	2868	wkgvbp.exe	37
PID 2868 wrote to memory of 2024	2868	wkgvbp.exe	37
PID 2868 wrote to memory of 2024	2868	wkgvbp.exe	37
PID 2868 wrote to memory of 2800	2868	wkgvbp.exe	38
PID 2868 wrote to memory of 2800	2868	wkgvbp.exe	38
PID 2868 wrote to memory of 2800	2868	wkgvbp.exe	38
PID 2868 wrote to memory of 2800	2868	wkgvbp.exe	38
PID 2024 wrote to memory of 2300	2024	wbnup.exe	40
PID 2024 wrote to memory of 2300	2024	wbnup.exe	40
PID 2024 wrote to memory of 2300	2024	wbnup.exe	40
PID 2024 wrote to memory of 2300	2024	wbnup.exe	40
PID 2024 wrote to memory of 2916	2024	wbnup.exe	41
PID 2024 wrote to memory of 2916	2024	wbnup.exe	41
PID 2024 wrote to memory of 2916	2024	wbnup.exe	41
PID 2024 wrote to memory of 2916	2024	wbnup.exe	41
PID 2300 wrote to memory of 784	2300	wproqurh.exe	43
PID 2300 wrote to memory of 784	2300	wproqurh.exe	43
PID 2300 wrote to memory of 784	2300	wproqurh.exe	43
PID 2300 wrote to memory of 784	2300	wproqurh.exe	43
PID 2300 wrote to memory of 1492	2300	wproqurh.exe	44
PID 2300 wrote to memory of 1492	2300	wproqurh.exe	44
PID 2300 wrote to memory of 1492	2300	wproqurh.exe	44
PID 2300 wrote to memory of 1492	2300	wproqurh.exe	44
PID 784 wrote to memory of 2496	784	wgkvk.exe	46
PID 784 wrote to memory of 2496	784	wgkvk.exe	46
PID 784 wrote to memory of 2496	784	wgkvk.exe	46
PID 784 wrote to memory of 2496	784	wgkvk.exe	46
PID 784 wrote to memory of 1568	784	wgkvk.exe	47
PID 784 wrote to memory of 1568	784	wgkvk.exe	47
PID 784 wrote to memory of 1568	784	wgkvk.exe	47
PID 784 wrote to memory of 1568	784	wgkvk.exe	47
PID 2496 wrote to memory of 112	2496	wwdee.exe	49
PID 2496 wrote to memory of 112	2496	wwdee.exe	49
PID 2496 wrote to memory of 112	2496	wwdee.exe	49
PID 2496 wrote to memory of 112	2496	wwdee.exe	49
PID 2496 wrote to memory of 1060	2496	wwdee.exe	50
PID 2496 wrote to memory of 1060	2496	wwdee.exe	50
PID 2496 wrote to memory of 1060	2496	wwdee.exe	50
PID 2496 wrote to memory of 1060	2496	wwdee.exe	50

C:\Users\Admin\AppData\Local\Temp\93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe
"C:\Users\Admin\AppData\Local\Temp\93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\whunv.exe
  "C:\Windows\system32\whunv.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1956
- - C:\Windows\SysWOW64\wkv.exe
    "C:\Windows\system32\wkv.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Windows\SysWOW64\wkgvbp.exe
      "C:\Windows\system32\wkgvbp.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\Windows\SysWOW64\wbnup.exe
        
        "C:\Windows\system32\wbnup.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2024
      - C:\Windows\SysWOW64\wproqurh.exe
        
        "C:\Windows\system32\wproqurh.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2300
        
        C:\Windows\SysWOW64\wgkvk.exe
        
        "C:\Windows\system32\wgkvk.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:784
        
        C:\Windows\SysWOW64\wwdee.exe
        
        "C:\Windows\system32\wwdee.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2496
        
        C:\Windows\SysWOW64\wabd.exe
        
        "C:\Windows\system32\wabd.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:112
        
        C:\Windows\SysWOW64\wptnfgf.exe
        
        "C:\Windows\system32\wptnfgf.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1804
        
        C:\Windows\SysWOW64\wxdr.exe
        
        "C:\Windows\system32\wxdr.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2684
        
        C:\Windows\SysWOW64\wrhhd.exe
        
        "C:\Windows\system32\wrhhd.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:3032
        
        C:\Windows\SysWOW64\wyqnic.exe
        
        "C:\Windows\system32\wyqnic.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1540
        
        C:\Windows\SysWOW64\whrrak.exe
        
        "C:\Windows\system32\whrrak.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1452
        
        C:\Windows\SysWOW64\wefmrlrwk.exe
        
        "C:\Windows\system32\wefmrlrwk.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2012
        
        C:\Windows\SysWOW64\wiwj.exe
        
        "C:\Windows\system32\wiwj.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2120
        
        C:\Windows\SysWOW64\wkyrmtv.exe
        
        "C:\Windows\system32\wkyrmtv.exe"
        17⤵
        Executes dropped EXE
        
        PID:1868
        
        C:\Windows\SysWOW64\wqlg.exe
        
        "C:\Windows\system32\wqlg.exe"
        18⤵
        Executes dropped EXE
        
        PID:676
        
        C:\Windows\SysWOW64\wtcdft.exe
        
        "C:\Windows\system32\wtcdft.exe"
        19⤵
        Executes dropped EXE
        
        PID:1912
        
        C:\Windows\SysWOW64\wgbybuxs.exe
        
        "C:\Windows\system32\wgbybuxs.exe"
        20⤵
        Executes dropped EXE
        
        PID:2252
        
        C:\Windows\SysWOW64\whdgdlg.exe
        
        "C:\Windows\system32\whdgdlg.exe"
        21⤵
        Executes dropped EXE
        
        PID:1804
        
        C:\Windows\SysWOW64\wxleqb.exe
        
        "C:\Windows\system32\wxleqb.exe"
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2612
        
        C:\Windows\SysWOW64\wbywxs.exe
        
        "C:\Windows\system32\wbywxs.exe"
        23⤵
        Executes dropped EXE
        
        PID:2880
        
        C:\Windows\SysWOW64\wiopjb.exe
        
        "C:\Windows\system32\wiopjb.exe"
        24⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2036
        
        C:\Windows\SysWOW64\wkdiqu.exe
        
        "C:\Windows\system32\wkdiqu.exe"
        25⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3044
        
        C:\Windows\SysWOW64\wqelid.exe
        
        "C:\Windows\system32\wqelid.exe"
        26⤵
        Executes dropped EXE
        
        PID:264
        
        C:\Windows\SysWOW64\wdmo.exe
        
        "C:\Windows\system32\wdmo.exe"
        27⤵
        Executes dropped EXE
        
        PID:2476
        
        C:\Windows\SysWOW64\wkace.exe
        
        "C:\Windows\system32\wkace.exe"
        28⤵
        Executes dropped EXE
        
        PID:820
        
        C:\Windows\SysWOW64\wjrehi.exe
        
        "C:\Windows\system32\wjrehi.exe"
        29⤵
        Executes dropped EXE
        
        PID:2272
        
        C:\Windows\SysWOW64\whto.exe
        
        "C:\Windows\system32\whto.exe"
        30⤵
        Executes dropped EXE
        
        PID:2484
        
        C:\Windows\SysWOW64\wkhhwakm.exe
        
        "C:\Windows\system32\wkhhwakm.exe"
        31⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Windows\SysWOW64\wryb.exe
        
        "C:\Windows\system32\wryb.exe"
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2132
        
        C:\Windows\SysWOW64\wtahjas.exe
        
        "C:\Windows\system32\wtahjas.exe"
        33⤵
        Executes dropped EXE
        
        PID:2932
        
        C:\Windows\SysWOW64\wfydhb.exe
        
        "C:\Windows\system32\wfydhb.exe"
        34⤵
        Executes dropped EXE
        
        PID:1328
        
        C:\Windows\SysWOW64\whoa.exe
        
        "C:\Windows\system32\whoa.exe"
        35⤵
        Executes dropped EXE
        
        PID:1288
        
        C:\Windows\SysWOW64\wrbkrs.exe
        
        "C:\Windows\system32\wrbkrs.exe"
        36⤵
        Executes dropped EXE
        
        PID:2300
        
        C:\Windows\SysWOW64\wvsi.exe
        
        "C:\Windows\system32\wvsi.exe"
        37⤵
        Executes dropped EXE
        
        PID:1812
        
        C:\Windows\SysWOW64\wgqdhm.exe
        
        "C:\Windows\system32\wgqdhm.exe"
        38⤵
        Executes dropped EXE
        
        PID:2416
        
        C:\Windows\SysWOW64\wjskid.exe
        
        "C:\Windows\system32\wjskid.exe"
        39⤵
        Executes dropped EXE
        
        PID:1652
        
        C:\Windows\SysWOW64\wmkhc.exe
        
        "C:\Windows\system32\wmkhc.exe"
        40⤵
        Executes dropped EXE
        
        PID:1616
        
        C:\Windows\SysWOW64\woxajmbr.exe
        
        "C:\Windows\system32\woxajmbr.exe"
        41⤵
        Executes dropped EXE
        
        PID:2676
        
        C:\Windows\SysWOW64\wvpt.exe
        
        "C:\Windows\system32\wvpt.exe"
        42⤵
        Executes dropped EXE
        
        PID:2536
        
        C:\Windows\SysWOW64\wureet.exe
        
        "C:\Windows\system32\wureet.exe"
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2788
        
        C:\Windows\SysWOW64\wpjjpcv.exe
        
        "C:\Windows\system32\wpjjpcv.exe"
        44⤵
        Executes dropped EXE
        
        PID:1592
        
        C:\Windows\SysWOW64\wuw.exe
        
        "C:\Windows\system32\wuw.exe"
        45⤵
        Executes dropped EXE
        
        PID:900
        
        C:\Windows\SysWOW64\wcjlotmd.exe
        
        "C:\Windows\system32\wcjlotmd.exe"
        46⤵
        Executes dropped EXE
        
        PID:1952
        
        C:\Windows\SysWOW64\wbbnqs.exe
        
        "C:\Windows\system32\wbbnqs.exe"
        47⤵
        Executes dropped EXE
        
        PID:352
        
        C:\Windows\SysWOW64\weeur.exe
        
        "C:\Windows\system32\weeur.exe"
        48⤵
        Executes dropped EXE
        
        PID:1936
        
        C:\Windows\SysWOW64\wwvyd.exe
        
        "C:\Windows\system32\wwvyd.exe"
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1012
        
        C:\Windows\SysWOW64\wwal.exe
        
        "C:\Windows\system32\wwal.exe"
        50⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1792
        
        C:\Windows\SysWOW64\wqrq.exe
        
        "C:\Windows\system32\wqrq.exe"
        51⤵
        Executes dropped EXE
        
        PID:2448
        
        C:\Windows\SysWOW64\wgohmsk.exe
        
        "C:\Windows\system32\wgohmsk.exe"
        52⤵
        Executes dropped EXE
        
        PID:2440
        
        C:\Windows\SysWOW64\weghp.exe
        
        "C:\Windows\system32\weghp.exe"
        53⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2700
        
        C:\Windows\SysWOW64\wmhmh.exe
        
        "C:\Windows\system32\wmhmh.exe"
        54⤵
        Executes dropped EXE
        
        PID:2424
        
        C:\Windows\SysWOW64\wkkx.exe
        
        "C:\Windows\system32\wkkx.exe"
        55⤵
        Executes dropped EXE
        
        PID:1828
        
        C:\Windows\SysWOW64\wsmc.exe
        
        "C:\Windows\system32\wsmc.exe"
        56⤵
        Executes dropped EXE
        
        PID:1236
        
        C:\Windows\SysWOW64\wlffu.exe
        
        "C:\Windows\system32\wlffu.exe"
        57⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2512
        
        C:\Windows\SysWOW64\wvcbrtd.exe
        
        "C:\Windows\system32\wvcbrtd.exe"
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1040
        
        C:\Windows\SysWOW64\wyfirj.exe
        
        "C:\Windows\system32\wyfirj.exe"
        59⤵
        Executes dropped EXE
        
        PID:484
        
        C:\Windows\SysWOW64\wkf.exe
        
        "C:\Windows\system32\wkf.exe"
        60⤵
        Executes dropped EXE
        
        PID:1700
        
        C:\Windows\SysWOW64\wri.exe
        
        "C:\Windows\system32\wri.exe"
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1988
        
        C:\Windows\SysWOW64\wxubrcfq.exe
        
        "C:\Windows\system32\wxubrcfq.exe"
        62⤵
        Executes dropped EXE
        
        PID:2488
        
        C:\Windows\SysWOW64\wblymsc.exe
        
        "C:\Windows\system32\wblymsc.exe"
        63⤵
        Executes dropped EXE
        
        PID:2924
        
        C:\Windows\SysWOW64\wmjsiumjd.exe
        
        "C:\Windows\system32\wmjsiumjd.exe"
        64⤵
        Executes dropped EXE
        
        PID:1204
        
        C:\Windows\SysWOW64\wsan.exe
        
        "C:\Windows\system32\wsan.exe"
        65⤵
        Executes dropped EXE
        
        PID:768
        
        C:\Windows\SysWOW64\wvct.exe
        
        "C:\Windows\system32\wvct.exe"
        66⤵
        
        PID:1124
        
        C:\Windows\SysWOW64\wtqqlvi.exe
        
        "C:\Windows\system32\wtqqlvi.exe"
        67⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\wbstdet.exe
        
        "C:\Windows\system32\wbstdet.exe"
        68⤵
        
        PID:620
        
        C:\Windows\SysWOW64\wakt.exe
        
        "C:\Windows\system32\wakt.exe"
        69⤵
        Drops file in System32 directory
        
        PID:2500
        
        C:\Windows\SysWOW64\wlx.exe
        
        "C:\Windows\system32\wlx.exe"
        70⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\wskutmi.exe
        
        "C:\Windows\system32\wskutmi.exe"
        71⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\wpbux.exe
        
        "C:\Windows\system32\wpbux.exe"
        72⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\wxdxo.exe
        
        "C:\Windows\system32\wxdxo.exe"
        73⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\wip.exe
        
        "C:\Windows\system32\wip.exe"
        74⤵
        Drops file in System32 directory
        
        PID:1880
        
        C:\Windows\SysWOW64\wodxefil.exe
        
        "C:\Windows\system32\wodxefil.exe"
        75⤵
        
        PID:988
        
        C:\Windows\SysWOW64\wbdwn.exe
        
        "C:\Windows\system32\wbdwn.exe"
        76⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\whrmmp.exe
        
        "C:\Windows\system32\whrmmp.exe"
        77⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\wkij.exe
        
        "C:\Windows\system32\wkij.exe"
        78⤵
        
        PID:2016
        
        C:\Windows\SysWOW64\wrjn.exe
        
        "C:\Windows\system32\wrjn.exe"
        79⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\wcvxoo.exe
        
        "C:\Windows\system32\wcvxoo.exe"
        80⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\wwodav.exe
        
        "C:\Windows\system32\wwodav.exe"
        81⤵
        
        PID:820
        
        C:\Windows\SysWOW64\wibn.exe
        
        "C:\Windows\system32\wibn.exe"
        82⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\wcsrc.exe
        
        "C:\Windows\system32\wcsrc.exe"
        83⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\wmpmyhon.exe
        
        "C:\Windows\system32\wmpmyhon.exe"
        84⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\whjrkodg.exe
        
        "C:\Windows\system32\whjrkodg.exe"
        85⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\wdcwvvtb.exe
        
        "C:\Windows\system32\wdcwvvtb.exe"
        86⤵
        
        PID:332
        
        C:\Windows\SysWOW64\wbfifvv.exe
        
        "C:\Windows\system32\wbfifvv.exe"
        87⤵
        
        PID:556
        
        C:\Windows\SysWOW64\whtcqf.exe
        
        "C:\Windows\system32\whtcqf.exe"
        88⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\wfjxgelxj.exe
        
        "C:\Windows\system32\wfjxgelxj.exe"
        89⤵
        Drops file in System32 directory
        
        PID:2188
        
        C:\Windows\SysWOW64\wmyqs.exe
        
        "C:\Windows\system32\wmyqs.exe"
        90⤵
        Drops file in System32 directory
        
        PID:856
        
        C:\Windows\SysWOW64\wlc.exe
        
        "C:\Windows\system32\wlc.exe"
        91⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\wwplq.exe
        
        "C:\Windows\system32\wwplq.exe"
        92⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\wurwcos.exe
        
        "C:\Windows\system32\wurwcos.exe"
        93⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\wxugbe.exe
        
        "C:\Windows\system32\wxugbe.exe"
        94⤵
        
        PID:328
        
        C:\Windows\SysWOW64\wvm.exe
        
        "C:\Windows\system32\wvm.exe"
        95⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\wao.exe
        
        "C:\Windows\system32\wao.exe"
        96⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\wkaau.exe
        
        "C:\Windows\system32\wkaau.exe"
        97⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\wndh.exe
        
        "C:\Windows\system32\wndh.exe"
        98⤵
        Drops file in System32 directory
        
        PID:576
        
        C:\Windows\SysWOW64\wmuiy.exe
        
        "C:\Windows\system32\wmuiy.exe"
        99⤵
        Drops file in System32 directory
        
        PID:2512
        
        C:\Windows\SysWOW64\wbsynfph.exe
        
        "C:\Windows\system32\wbsynfph.exe"
        100⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\wajape.exe
        
        "C:\Windows\system32\wajape.exe"
        101⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\wglein.exe
        
        "C:\Windows\system32\wglein.exe"
        102⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\wqiyeodlw.exe
        
        "C:\Windows\system32\wqiyeodlw.exe"
        103⤵
        Drops file in System32 directory
        
        PID:1804
        
        C:\Windows\SysWOW64\wxkcvxooh.exe
        
        "C:\Windows\system32\wxkcvxooh.exe"
        104⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\wgmhohyqq.exe
        
        "C:\Windows\system32\wgmhohyqq.exe"
        105⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\wmojg.exe
        
        "C:\Windows\system32\wmojg.exe"
        106⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\wtcxfx.exe
        
        "C:\Windows\system32\wtcxfx.exe"
        107⤵
        
        PID:808
        
        C:\Windows\SysWOW64\wsekpyjgq.exe
        
        "C:\Windows\system32\wsekpyjgq.exe"
        108⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\wuu.exe
        
        "C:\Windows\system32\wuu.exe"
        109⤵
        
        PID:704
        
        C:\Windows\SysWOW64\wbiviydw.exe
        
        "C:\Windows\system32\wbiviydw.exe"
        110⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\weldjpj.exe
        
        "C:\Windows\system32\weldjpj.exe"
        111⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\wllhbxv.exe
        
        "C:\Windows\system32\wllhbxv.exe"
        112⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\wro.exe
        
        "C:\Windows\system32\wro.exe"
        113⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\wvq.exe
        
        "C:\Windows\system32\wvq.exe"
        114⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\wcehsij.exe
        
        "C:\Windows\system32\wcehsij.exe"
        115⤵
        
        PID:1432
        
        C:\Windows\SysWOW64\wegosa.exe
        
        "C:\Windows\system32\wegosa.exe"
        116⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\wlhsli.exe
        
        "C:\Windows\system32\wlhsli.exe"
        117⤵
        Drops file in System32 directory
        
        PID:2424
        
        C:\Windows\SysWOW64\wkleuifeu.exe
        
        "C:\Windows\system32\wkleuifeu.exe"
        118⤵
        Drops file in System32 directory
        
        PID:1392
        
        C:\Windows\SysWOW64\wmmmvanq.exe
        
        "C:\Windows\system32\wmmmvanq.exe"
        119⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\wpfjpp.exe
        
        "C:\Windows\system32\wpfjpp.exe"
        120⤵
        Drops file in System32 directory
        
        PID:2908
        
        C:\Windows\SysWOW64\wacemrtk.exe
        
        "C:\Windows\system32\wacemrtk.exe"
        121⤵
        
        PID:2860
        
        C:\Windows\SysWOW64\wdflnjbv.exe
        
        "C:\Windows\system32\wdflnjbv.exe"
        122⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\wjv.exe
        
        "C:\Windows\system32\wjv.exe"
        123⤵
        
        PID:2340
        
        C:\Windows\SysWOW64\wniwgjtk.exe
        
        "C:\Windows\system32\wniwgjtk.exe"
        124⤵
        Drops file in System32 directory
        
        PID:1664
        
        C:\Windows\SysWOW64\wpkegac.exe
        
        "C:\Windows\system32\wpkegac.exe"
        125⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\wromir.exe
        
        "C:\Windows\system32\wromir.exe"
        126⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\wvfj.exe
        
        "C:\Windows\system32\wvfj.exe"
        127⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\wgcdxjp.exe
        
        "C:\Windows\system32\wgcdxjp.exe"
        128⤵
        
        PID:952
        
        C:\Windows\SysWOW64\wvkclaqtd.exe
        
        "C:\Windows\system32\wvkclaqtd.exe"
        129⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\wamkm.exe
        
        "C:\Windows\system32\wamkm.exe"
        130⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\wtpafax.exe
        
        "C:\Windows\system32\wtpafax.exe"
        131⤵
        Drops file in System32 directory
        
        PID:2108
        
        C:\Windows\SysWOW64\wbqdwi.exe
        
        "C:\Windows\system32\wbqdwi.exe"
        132⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\wyke.exe
        
        "C:\Windows\system32\wyke.exe"
        133⤵
        
        PID:2900
        
        C:\Windows\SysWOW64\wgnhimsh.exe
        
        "C:\Windows\system32\wgnhimsh.exe"
        134⤵
        Drops file in System32 directory
        
        PID:1272
        
        C:\Windows\SysWOW64\wiqpjdbu.exe
        
        "C:\Windows\system32\wiqpjdbu.exe"
        135⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\wmrxkuh.exe
        
        "C:\Windows\system32\wmrxkuh.exe"
        136⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\wojvel.exe
        
        "C:\Windows\system32\wojvel.exe"
        137⤵
        Drops file in System32 directory
        
        PID:1408
        
        C:\Windows\SysWOW64\wrlcg.exe
        
        "C:\Windows\system32\wrlcg.exe"
        138⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\wtnk.exe
        
        "C:\Windows\system32\wtnk.exe"
        139⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\wapn.exe
        
        "C:\Windows\system32\wapn.exe"
        140⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\wds.exe
        
        "C:\Windows\system32\wds.exe"
        141⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\whudyl.exe
        
        "C:\Windows\system32\whudyl.exe"
        142⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\wiivid.exe
        
        "C:\Windows\system32\wiivid.exe"
        143⤵
        Drops file in System32 directory
        
        PID:1872
        
        C:\Windows\SysWOW64\wssinc.exe
        
        "C:\Windows\system32\wssinc.exe"
        144⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\wwvqossti.exe
        
        "C:\Windows\system32\wwvqossti.exe"
        145⤵
        
        PID:352
        
        C:\Windows\SysWOW64\wuycxrxr.exe
        
        "C:\Windows\system32\wuycxrxr.exe"
        146⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\wsqdbrpah.exe
        
        "C:\Windows\system32\wsqdbrpah.exe"
        147⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\wvrkb.exe
        
        "C:\Windows\system32\wvrkb.exe"
        148⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\wmlsuyi.exe
        
        "C:\Windows\system32\wmlsuyi.exe"
        149⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\wsxithfid.exe
        
        "C:\Windows\system32\wsxithfid.exe"
        150⤵
        Drops file in System32 directory
        
        PID:768
        
        C:\Windows\SysWOW64\wpcteii.exe
        
        "C:\Windows\system32\wpcteii.exe"
        151⤵
        Drops file in System32 directory
        
        PID:2504
        
        C:\Windows\SysWOW64\wys.exe
        
        "C:\Windows\system32\wys.exe"
        152⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\wbutqi.exe
        
        "C:\Windows\system32\wbutqi.exe"
        153⤵
        
        PID:912
        
        C:\Windows\SysWOW64\wehmwa.exe
        
        "C:\Windows\system32\wehmwa.exe"
        154⤵
        Drops file in System32 directory
        
        PID:2512
        
        C:\Windows\SysWOW64\wxasig.exe
        
        "C:\Windows\system32\wxasig.exe"
        155⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\wfdtbp.exe
        
        "C:\Windows\system32\wfdtbp.exe"
        156⤵
        Drops file in System32 directory
        
        PID:2212
        
        C:\Windows\SysWOW64\wlpjaa.exe
        
        "C:\Windows\system32\wlpjaa.exe"
        157⤵
        Drops file in System32 directory
        
        PID:2072
        
        C:\Windows\SysWOW64\wraaog.exe
        
        "C:\Windows\system32\wraaog.exe"
        158⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\wycfhp.exe
        
        "C:\Windows\system32\wycfhp.exe"
        159⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\wwtf.exe
        
        "C:\Windows\system32\wwtf.exe"
        160⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\wdhtixchg.exe
        
        "C:\Windows\system32\wdhtixchg.exe"
        161⤵
        
        PID:576
        
        C:\Windows\SysWOW64\wljxbgnjp.exe
        
        "C:\Windows\system32\wljxbgnjp.exe"
        162⤵
        Drops file in System32 directory
        
        PID:3000
        
        C:\Windows\SysWOW64\wrkcs.exe
        
        "C:\Windows\system32\wrkcs.exe"
        163⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\wuysagpn.exe
        
        "C:\Windows\system32\wuysagpn.exe"
        164⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\wbbwrpcnh.exe
        
        "C:\Windows\system32\wbbwrpcnh.exe"
        165⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\winlqa.exe
        
        "C:\Windows\system32\winlqa.exe"
        166⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\wqpoii.exe
        
        "C:\Windows\system32\wqpoii.exe"
        167⤵
        
        PID:2604
        
        C:\Windows\SysWOW64\wrrwk.exe
        
        "C:\Windows\system32\wrrwk.exe"
        168⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\wutekqwg.exe
        
        "C:\Windows\system32\wutekqwg.exe"
        169⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\womjvwmax.exe
        
        "C:\Windows\system32\womjvwmax.exe"
        170⤵
        Drops file in System32 directory
        
        PID:2436
        
        C:\Windows\SysWOW64\wvyxvh.exe
        
        "C:\Windows\system32\wvyxvh.exe"
        171⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\wxcfv.exe
        
        "C:\Windows\system32\wxcfv.exe"
        172⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\wgsahgpq.exe
        
        "C:\Windows\system32\wgsahgpq.exe"
        173⤵
        Drops file in System32 directory
        
        PID:2664
        
        C:\Windows\SysWOW64\wfukqgt.exe
        
        "C:\Windows\system32\wfukqgt.exe"
        174⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\wcxvahxmp.exe
        
        "C:\Windows\system32\wcxvahxmp.exe"
        175⤵
        Drops file in System32 directory
        
        PID:2880
        
        C:\Windows\SysWOW64\wbbhjga.exe
        
        "C:\Windows\system32\wbbhjga.exe"
        176⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\werfewxjg.exe
        
        "C:\Windows\system32\werfewxjg.exe"
        177⤵
        
        PID:1748
        
        C:\Windows\SysWOW64\wcuqnwcg.exe
        
        "C:\Windows\system32\wcuqnwcg.exe"
        178⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\wptitpsyl.exe
        
        "C:\Windows\system32\wptitpsyl.exe"
        179⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\wuhwsao.exe
        
        "C:\Windows\system32\wuhwsao.exe"
        180⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\wuywvyhx.exe
        
        "C:\Windows\system32\wuywvyhx.exe"
        181⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\wbcb.exe
        
        "C:\Windows\system32\wbcb.exe"
        182⤵
        Drops file in System32 directory
        
        PID:1452
        
        C:\Windows\SysWOW64\wrtj.exe
        
        "C:\Windows\system32\wrtj.exe"
        183⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\wygwgibvl.exe
        
        "C:\Windows\system32\wygwgibvl.exe"
        184⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\wajghyhi.exe
        
        "C:\Windows\system32\wajghyhi.exe"
        185⤵
        Drops file in System32 directory
        
        PID:912
        
        C:\Windows\SysWOW64\wiliahtk.exe
        
        "C:\Windows\system32\wiliahtk.exe"
        186⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\wkoqaxb.exe
        
        "C:\Windows\system32\wkoqaxb.exe"
        187⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\wnbiirt.exe
        
        "C:\Windows\system32\wnbiirt.exe"
        188⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\wtq.exe
        
        "C:\Windows\system32\wtq.exe"
        189⤵
        
        PID:3016
        
        C:\Windows\SysWOW64\wvgubq.exe
        
        "C:\Windows\system32\wvgubq.exe"
        190⤵
        Drops file in System32 directory
        
        PID:2060
        
        C:\Windows\SysWOW64\wavruiil.exe
        
        "C:\Windows\system32\wavruiil.exe"
        191⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\wtagnp.exe
        
        "C:\Windows\system32\wtagnp.exe"
        192⤵
        
        PID:940
        
        C:\Windows\SysWOW64\wbnumye.exe
        
        "C:\Windows\system32\wbnumye.exe"
        193⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\wafwpxwus.exe
        
        "C:\Windows\system32\wafwpxwus.exe"
        194⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\wxihyy.exe
        
        "C:\Windows\system32\wxihyy.exe"
        195⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\wrymjfql.exe
        
        "C:\Windows\system32\wrymjfql.exe"
        196⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\wrqnmeiu.exe
        
        "C:\Windows\system32\wrqnmeiu.exe"
        197⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\wbphkit.exe
        
        "C:\Windows\system32\wbphkit.exe"
        198⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\wfgfdw.exe
        
        "C:\Windows\system32\wfgfdw.exe"
        199⤵
        Drops file in System32 directory
        
        PID:1976
        
        C:\Windows\SysWOW64\wltucg.exe
        
        "C:\Windows\system32\wltucg.exe"
        200⤵
        
        PID:2828
        
        C:\Windows\SysWOW64\wokrvxida.exe
        
        "C:\Windows\system32\wokrvxida.exe"
        201⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\wqmawopp.exe
        
        "C:\Windows\system32\wqmawopp.exe"
        202⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\wtaqfhiq.exe
        
        "C:\Windows\system32\wtaqfhiq.exe"
        203⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\wwdyfxp.exe
        
        "C:\Windows\system32\wwdyfxp.exe"
        204⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\widaoxeu.exe
        
        "C:\Windows\system32\widaoxeu.exe"
        205⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\wcoskbohb.exe
        
        "C:\Windows\system32\wcoskbohb.exe"
        206⤵
        Drops file in System32 directory
        
        PID:1552
        
        C:\Windows\SysWOW64\wvfxvjeyi.exe
        
        "C:\Windows\system32\wvfxvjeyi.exe"
        207⤵
        
        PID:892
        
        C:\Windows\SysWOW64\wyspd.exe
        
        "C:\Windows\system32\wyspd.exe"
        208⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\wpcorpvr.exe
        
        "C:\Windows\system32\wpcorpvr.exe"
        209⤵
        
        PID:1328
        
        C:\Windows\SysWOW64\wwncp.exe
        
        "C:\Windows\system32\wwncp.exe"
        210⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\whamfbr.exe
        
        "C:\Windows\system32\whamfbr.exe"
        211⤵
        Drops file in System32 directory
        
        PID:1236
        
        C:\Windows\SysWOW64\wjduhr.exe
        
        "C:\Windows\system32\wjduhr.exe"
        212⤵
        Drops file in System32 directory
        
        PID:2564
        
        C:\Windows\SysWOW64\wigfq.exe
        
        "C:\Windows\system32\wigfq.exe"
        213⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\wohkibob.exe
        
        "C:\Windows\system32\wohkibob.exe"
        214⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\wyswoxpy.exe
        
        "C:\Windows\system32\wyswoxpy.exe"
        215⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\wgucggabt.exe
        
        "C:\Windows\system32\wgucggabt.exe"
        216⤵
        
        PID:768
        
        C:\Windows\SysWOW64\wkwihyho.exe
        
        "C:\Windows\system32\wkwihyho.exe"
        217⤵
        Drops file in System32 directory
        
        PID:900
        
        C:\Windows\SysWOW64\wqynahrp.exe
        
        "C:\Windows\system32\wqynahrp.exe"
        218⤵
        Drops file in System32 directory
        
        PID:1740
        
        C:\Windows\SysWOW64\wpcwjhv.exe
        
        "C:\Windows\system32\wpcwjhv.exe"
        219⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\wqfgj.exe
        
        "C:\Windows\system32\wqfgj.exe"
        220⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\wlhvchd.exe
        
        "C:\Windows\system32\wlhvchd.exe"
        221⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\wtjyup.exe
        
        "C:\Windows\system32\wtjyup.exe"
        222⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\wrmke.exe
        
        "C:\Windows\system32\wrmke.exe"
        223⤵
        Drops file in System32 directory
        
        PID:2424
        
        C:\Windows\SysWOW64\wwnou.exe
        
        "C:\Windows\system32\wwnou.exe"
        224⤵
        Drops file in System32 directory
        
        PID:1236
        
        C:\Windows\SysWOW64\wwfpyww.exe
        
        "C:\Windows\system32\wwfpyww.exe"
        225⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\wdtewhr.exe
        
        "C:\Windows\system32\wdtewhr.exe"
        226⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\wckfagluh.exe
        
        "C:\Windows\system32\wckfagluh.exe"
        227⤵
        Drops file in System32 directory
        
        PID:1576
        
        C:\Windows\SysWOW64\wmjawiv.exe
        
        "C:\Windows\system32\wmjawiv.exe"
        228⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\wlaay.exe
        
        "C:\Windows\system32\wlaay.exe"
        229⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\wchxmwpn.exe
        
        "C:\Windows\system32\wchxmwpn.exe"
        230⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\wfuqtoio.exe
        
        "C:\Windows\system32\wfuqtoio.exe"
        231⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wchxmwpn.exe"
        231⤵
        
        PID:952
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlaay.exe"
        230⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmjawiv.exe"
        229⤵
        
        PID:1284
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wckfagluh.exe"
        228⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 180
        228⤵
        Program crash
        
        PID:1316
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdtewhr.exe"
        227⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwfpyww.exe"
        226⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwnou.exe"
        225⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrmke.exe"
        224⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtjyup.exe"
        223⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlhvchd.exe"
        222⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqfgj.exe"
        221⤵
        
        PID:2000
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpcwjhv.exe"
        220⤵
        
        PID:2612
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqynahrp.exe"
        219⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkwihyho.exe"
        218⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgucggabt.exe"
        217⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyswoxpy.exe"
        216⤵
        
        PID:1272
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wohkibob.exe"
        215⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wigfq.exe"
        214⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjduhr.exe"
        213⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whamfbr.exe"
        212⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwncp.exe"
        211⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpcorpvr.exe"
        210⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyspd.exe"
        209⤵
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvfxvjeyi.exe"
        208⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcoskbohb.exe"
        207⤵
        
        PID:1676
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\widaoxeu.exe"
        206⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 180
        206⤵
        Program crash
        
        PID:2988
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwdyfxp.exe"
        205⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtaqfhiq.exe"
        204⤵
        
        PID:2916
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqmawopp.exe"
        203⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wokrvxida.exe"
        202⤵
        
        PID:628
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wltucg.exe"
        201⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfgfdw.exe"
        200⤵
        
        PID:1868
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbphkit.exe"
        199⤵
        
        PID:976
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrqnmeiu.exe"
        198⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 180
        198⤵
        Program crash
        
        PID:2060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrymjfql.exe"
        197⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxihyy.exe"
        196⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wafwpxwus.exe"
        195⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 180
        195⤵
        Program crash
        
        PID:1292
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbnumye.exe"
        194⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtagnp.exe"
        193⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wavruiil.exe"
        192⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvgubq.exe"
        191⤵
        
        PID:2300
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtq.exe"
        190⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnbiirt.exe"
        189⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkoqaxb.exe"
        188⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiliahtk.exe"
        187⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wajghyhi.exe"
        186⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wygwgibvl.exe"
        185⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 184
        185⤵
        Program crash
        
        PID:2476
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrtj.exe"
        184⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbcb.exe"
        183⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuywvyhx.exe"
        182⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuhwsao.exe"
        181⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wptitpsyl.exe"
        180⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcuqnwcg.exe"
        179⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\werfewxjg.exe"
        178⤵
        
        PID:856
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbbhjga.exe"
        177⤵
        
        PID:340
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcxvahxmp.exe"
        176⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 184
        176⤵
        Program crash
        
        PID:1044
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfukqgt.exe"
        175⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgsahgpq.exe"
        174⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxcfv.exe"
        173⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvyxvh.exe"
        172⤵
        
        PID:904
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\womjvwmax.exe"
        171⤵
        
        PID:1524
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wutekqwg.exe"
        170⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrrwk.exe"
        169⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqpoii.exe"
        168⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\winlqa.exe"
        167⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbbwrpcnh.exe"
        166⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuysagpn.exe"
        165⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrkcs.exe"
        164⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wljxbgnjp.exe"
        163⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdhtixchg.exe"
        162⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwtf.exe"
        161⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wycfhp.exe"
        160⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wraaog.exe"
        159⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlpjaa.exe"
        158⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfdtbp.exe"
        157⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxasig.exe"
        156⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wehmwa.exe"
        155⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 788
        155⤵
        Program crash
        
        PID:1928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbutqi.exe"
        154⤵
        
        PID:964
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wys.exe"
        153⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpcteii.exe"
        152⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsxithfid.exe"
        151⤵
        
        PID:628
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmlsuyi.exe"
        150⤵
        
        PID:640
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvrkb.exe"
        149⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsqdbrpah.exe"
        148⤵
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuycxrxr.exe"
        147⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwvqossti.exe"
        146⤵
        
        PID:848
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wssinc.exe"
        145⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiivid.exe"
        144⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whudyl.exe"
        143⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wds.exe"
        142⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wapn.exe"
        141⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtnk.exe"
        140⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrlcg.exe"
        139⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wojvel.exe"
        138⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmrxkuh.exe"
        137⤵
        
        PID:356
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiqpjdbu.exe"
        136⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 180
        136⤵
        Program crash
        
        PID:1828
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgnhimsh.exe"
        135⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyke.exe"
        134⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbqdwi.exe"
        133⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 840
        133⤵
        Program crash
        
        PID:2800
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtpafax.exe"
        132⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wamkm.exe"
        131⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvkclaqtd.exe"
        130⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgcdxjp.exe"
        129⤵
        
        PID:572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvfj.exe"
        128⤵
        
        PID:340
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wromir.exe"
        127⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpkegac.exe"
        126⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wniwgjtk.exe"
        125⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjv.exe"
        124⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdflnjbv.exe"
        123⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 184
        123⤵
        Program crash
        
        PID:2788
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wacemrtk.exe"
        122⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpfjpp.exe"
        121⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmmmvanq.exe"
        120⤵
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkleuifeu.exe"
        119⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlhsli.exe"
        118⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wegosa.exe"
        117⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcehsij.exe"
        116⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvq.exe"
        115⤵
        
        PID:844
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wro.exe"
        114⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wllhbxv.exe"
        113⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weldjpj.exe"
        112⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbiviydw.exe"
        111⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 184
        111⤵
        Program crash
        
        PID:2772
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuu.exe"
        110⤵
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsekpyjgq.exe"
        109⤵
        
        PID:1588
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtcxfx.exe"
        108⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmojg.exe"
        107⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgmhohyqq.exe"
        106⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxkcvxooh.exe"
        105⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqiyeodlw.exe"
        104⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wglein.exe"
        103⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wajape.exe"
        102⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbsynfph.exe"
        101⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmuiy.exe"
        100⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wndh.exe"
        99⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkaau.exe"
        98⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wao.exe"
        97⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvm.exe"
        96⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxugbe.exe"
        95⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wurwcos.exe"
        94⤵
        
        PID:2924
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwplq.exe"
        93⤵
        
        PID:2696
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlc.exe"
        92⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmyqs.exe"
        91⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfjxgelxj.exe"
        90⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whtcqf.exe"
        89⤵
        
        PID:964
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbfifvv.exe"
        88⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdcwvvtb.exe"
        87⤵
        
        PID:592
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whjrkodg.exe"
        86⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmpmyhon.exe"
        85⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcsrc.exe"
        84⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wibn.exe"
        83⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwodav.exe"
        82⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcvxoo.exe"
        81⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrjn.exe"
        80⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkij.exe"
        79⤵
        
        PID:356
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whrmmp.exe"
        78⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbdwn.exe"
        77⤵
        
        PID:688
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wodxefil.exe"
        76⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wip.exe"
        75⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxdxo.exe"
        74⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpbux.exe"
        73⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wskutmi.exe"
        72⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlx.exe"
        71⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wakt.exe"
        70⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbstdet.exe"
        69⤵
        
        PID:704
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtqqlvi.exe"
        68⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvct.exe"
        67⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsan.exe"
        66⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmjsiumjd.exe"
        65⤵
        
        PID:1664
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wblymsc.exe"
        64⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxubrcfq.exe"
        63⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wri.exe"
        62⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkf.exe"
        61⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyfirj.exe"
        60⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvcbrtd.exe"
        59⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlffu.exe"
        58⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsmc.exe"
        57⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkkx.exe"
        56⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmhmh.exe"
        55⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weghp.exe"
        54⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgohmsk.exe"
        53⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqrq.exe"
        52⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwal.exe"
        51⤵
        
        PID:2760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwvyd.exe"
        50⤵
        
        PID:904
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weeur.exe"
        49⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbbnqs.exe"
        48⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcjlotmd.exe"
        47⤵
        
        PID:940
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuw.exe"
        46⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpjjpcv.exe"
        45⤵
        
        PID:848
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wureet.exe"
        44⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvpt.exe"
        43⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woxajmbr.exe"
        42⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmkhc.exe"
        41⤵
        
        PID:852
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjskid.exe"
        40⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgqdhm.exe"
        39⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvsi.exe"
        38⤵
        
        PID:1012
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrbkrs.exe"
        37⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whoa.exe"
        36⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfydhb.exe"
        35⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtahjas.exe"
        34⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wryb.exe"
        33⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkhhwakm.exe"
        32⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whto.exe"
        31⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjrehi.exe"
        30⤵
        
        PID:2940
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkace.exe"
        29⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdmo.exe"
        28⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqelid.exe"
        27⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkdiqu.exe"
        26⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiopjb.exe"
        25⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbywxs.exe"
        24⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxleqb.exe"
        23⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whdgdlg.exe"
        22⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgbybuxs.exe"
        21⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtcdft.exe"
        20⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqlg.exe"
        19⤵
        
        PID:892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkyrmtv.exe"
        18⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiwj.exe"
        17⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wefmrlrwk.exe"
        16⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whrrak.exe"
        15⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyqnic.exe"
        14⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrhhd.exe"
        13⤵
        
        PID:2556
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxdr.exe"
        12⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wptnfgf.exe"
        11⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wabd.exe"
        10⤵
        
        PID:1616
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwdee.exe"
        9⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgkvk.exe"
        8⤵
        
        PID:1568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wproqurh.exe"
        7⤵
        
        PID:1492
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbnup.exe"
        6⤵
        
        PID:2916
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkgvbp.exe"
        5⤵
        
        PID:2800
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkv.exe"
      4⤵
      PID:1528
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whunv.exe"
    3⤵
    PID:2204
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\93ea3caa5e2b6ed8f1da347829664d1e4ec7ad2def94791b2ffdac2c526df48a.exe"
  2⤵
  - Deletes itself
  PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BRLZB5M6.txt

Filesize
97B

MD5
01b395df12e9e0c698cade78adce27f2

SHA1
4933b94cb584dcaca596b990ec74e4cbb11baca0

SHA256
e1ddd64da674b49e15cd3db41fd858252319cae8dbacf586b52b2ac5d95d07ab

SHA512
f1120fdfe0c21beefdc4c92e6bd05a1d893162b3f45e4a38e7fdce59742407caf68c8bb25aa7d417134d7164decc5a2fdc025eef8679a3a459022d4801f97442

Download Submit
\Windows\SysWOW64\wabd.exe

Filesize
93KB

MD5
4199068a64fd35b11ab59a53239f7d2d

SHA1
7f0c908afae0601f989c8d5270b2d43df71249f2

SHA256
d895d8154e2f3351ca53d3c3106c5e186daa5cec1cff8ad0eb3f4695bfb08601

SHA512
37ee48af31a9b7691d4706a92e8106f48d8f1b068a9b7e5506e67862ccbde29b74fac78cfdb204932c596026e87d5c28f48f0e56d49aebe94364fa64495dc08d

Download Submit
\Windows\SysWOW64\wbnup.exe

Filesize
93KB

MD5
7bfaa200b1cfa7e7eb178c229033462f

SHA1
7b75dc998d915e8d67868ab37697b6702c3c62b0

SHA256
8052e2fbacaf2c5b5d3f3e7ffd34ddd199bf2d349583810b6137a60bd562bc24

SHA512
85d2eb48cea92cd4898644b6ec885dbac85027a347e78a7dbf25e92dc4eee62e4a4c3adb1d5f743fd0a6d02a76a15544d54ae2a61b08356f571c955320e034bb

Download Submit
\Windows\SysWOW64\wgkvk.exe

Filesize
93KB

MD5
68ed7390b572dc02d9586af6f0605a70

SHA1
74755144daf934927d9eab111674eb596d30e4d5

SHA256
9af3c546087bf062152411f897f44100b8469436b25726c3716ac7ef83d26b3e

SHA512
747cb3c75502ad5ae0ccfa9669204a1d7e727d19a34d7abf3f55e2962e7a0bc9b5fc8fc4f1030766db8f1e4d688d9207a659fccf319eaff87b16199b7510d82c

Download Submit
\Windows\SysWOW64\whunv.exe

Filesize
93KB

MD5
5f027e12bd0da61f208edd8566f354c9

SHA1
3b1a9515063d5cbb7d0b44ea76e5a6e8b0fb8d7f

SHA256
b19e6fd16361cedde4e84654b4a74e36f67cd489fd490d40647cc5565123583d

SHA512
04da6a008b0f8b977411b018781db9d94b67bedb4edb43ca5fb7cc62a2e96d95ed45f3c3f511037183bdb9efee38e5918d7743e372de173dff31caa1397807ba

Download Submit
\Windows\SysWOW64\wkgvbp.exe

Filesize
93KB

MD5
eae9d9b65e38f8bc4e0ebfdaf9871b1f

SHA1
c0968be6cff7e7866f2f1e2b7d5c0fa074bfd289

SHA256
585c78fa03e1e3b3b3579fb560b567f225de3920c3416b0addacb03afc4a6919

SHA512
6cc3cee0ae8836d9554c91bb66862b94390c2730bac848fd69cd4fc9b9783a7aac0c5544fa74cef57fd5684c1008eeabf5cd41db6a3775629a8b2ce5cc338768

Download Submit
\Windows\SysWOW64\wkv.exe

Filesize
93KB

MD5
f3ea229df13afc2014ddb08384e6c8f7

SHA1
1d52f05d7b17f16b3ec7a1612398d4a945eb3ae1

SHA256
419cea95ac92e2ce452fbd4cca1bc8b42daf9bc0ea629b904ae68e8a1b6d14c7

SHA512
d733a487684dcda31240216f10535125c189e4ca4febc028ca5ac1c1a44e47f28767efaa30971bf2b05ecb30b7bdb8f967d408983805525324a2323902a9b787

Download Submit
\Windows\SysWOW64\wproqurh.exe

Filesize
93KB

MD5
7676b17aacef2704d43a46c9046f8e2e

SHA1
1b2d00c5892ad1288fd502127debbe09075815cf

SHA256
03d9f9150afd5ea5b20dae825bc6ff196227874a739b3473a4e46d1df08048f1

SHA512
2c2913dceb4ae99c0970bab076196d3e6257055e7f8246c88e2915f5925af0b146ab053b3e4cea773a19b034195f663c2f6624321d75a002c6bdabc9256fdcf0

Download Submit
\Windows\SysWOW64\wptnfgf.exe

Filesize
93KB

MD5
ca5691f4dc4667114d4f9489d95ee392

SHA1
31ff54b1b49927f3c4d337407e9a0796904ca594

SHA256
1fa63162b5028113c98c790cdfba4fed5d67e0296480abc41f7374625ee923c1

SHA512
5f0457c684c26016070ce05ed85f948e92f660137d1f4e1b320d01c91bad3d83f6890ed2e5c386a7235caccbd8e64ee02c7424cf96f7a1e0c8230b30ba09e837

Download Submit
\Windows\SysWOW64\wrhhd.exe

Filesize
93KB

MD5
5ee56ad9e48c33dd3fe1a3727918ac17

SHA1
7778cf5a8f71e1ff3635ef5b06dfb004336de91e

SHA256
2f98b91dfb3d73f0c8519e880367d6de4ea6d9d4d623b95fbe392a360ec44a1b

SHA512
2064b14909d442d24ad1c8b08689ec5bfae98e071673f3f02ef08bf885ee7f3b8ee11367fd015ed43292e3fb0a4289d38a35dca55484096c6b8e24514c0ef786

Download Submit
\Windows\SysWOW64\wwdee.exe

Filesize
93KB

MD5
977b3b000982bc4673e0e9200df194af

SHA1
0e3e6f79f6fae30d330217d67b21d94a163d64d7

SHA256
c30a1718c8600dd7c86f05de61c131c03932a2e693a88f0aec4357d7224468c6

SHA512
1591946cca2f165a672e1245e3e195c02437f3985dfe40e45e7f52b5bd0b70ac6c55600d7e3d05992afdd5669a9d06897cad7efeb42d8242e424e0d3b9d361e8

Download Submit
\Windows\SysWOW64\wxdr.exe

Filesize
93KB

MD5
c4db0caa53976ea626117add60d7117c

SHA1
831d77893ecf596896290b7a51d81b5f97d3a014

SHA256
404ad89cd0ddbed252d6028eb3baf898090b0d9439a89968fab52578283418a5

SHA512
5cdd5a6ef1475b7a9293c51c09534e4dbaf754722e4e6a61234576d4fa9c5312d746489e9dec8d0c5890854bfafcb8846e22ae244160a5eabbde23fe95f9a7e5

Download Submit
memory/112-195-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/112-173-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/112-185-0x0000000002300000-0x0000000002317000-memory.dmp

Filesize
92KB

Download
memory/112-187-0x0000000002300000-0x0000000002317000-memory.dmp

Filesize
92KB

Download
memory/676-327-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/676-340-0x0000000003E70000-0x0000000003E87000-memory.dmp

Filesize
92KB

Download
memory/676-342-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/784-131-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/784-149-0x0000000003F70000-0x0000000003F87000-memory.dmp

Filesize
92KB

Download
memory/784-151-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1452-280-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1452-278-0x0000000003460000-0x0000000003477000-memory.dmp

Filesize
92KB

Download
memory/1452-279-0x0000000003460000-0x0000000003477000-memory.dmp

Filesize
92KB

Download
memory/1452-265-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1540-264-0x0000000003600000-0x0000000003617000-memory.dmp

Filesize
92KB

Download
memory/1540-250-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1540-263-0x0000000002340000-0x0000000002357000-memory.dmp

Filesize
92KB

Download
memory/1540-262-0x0000000002340000-0x0000000002357000-memory.dmp

Filesize
92KB

Download
memory/1540-266-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1752-23-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1752-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1752-18-0x0000000004020000-0x0000000004037000-memory.dmp

Filesize
92KB

Download
memory/1752-19-0x0000000004020000-0x0000000004037000-memory.dmp

Filesize
92KB

Download
memory/1752-11-0x0000000004010000-0x0000000004027000-memory.dmp

Filesize
92KB

Download
memory/1804-384-0x0000000003930000-0x0000000003947000-memory.dmp

Filesize
92KB

Download
memory/1804-193-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1804-385-0x0000000003930000-0x0000000003947000-memory.dmp

Filesize
92KB

Download
memory/1804-211-0x0000000003370000-0x0000000003387000-memory.dmp

Filesize
92KB

Download
memory/1804-212-0x0000000003370000-0x0000000003387000-memory.dmp

Filesize
92KB

Download
memory/1804-387-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1804-214-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1804-372-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1868-325-0x0000000003340000-0x0000000003357000-memory.dmp

Filesize
92KB

Download
memory/1868-328-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1868-326-0x0000000003340000-0x0000000003357000-memory.dmp

Filesize
92KB

Download
memory/1912-357-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1912-355-0x0000000004030000-0x0000000004047000-memory.dmp

Filesize
92KB

Download
memory/1912-354-0x00000000039E0000-0x00000000039F7000-memory.dmp

Filesize
92KB

Download
memory/1912-341-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1956-43-0x0000000004040000-0x0000000004057000-memory.dmp

Filesize
92KB

Download
memory/1956-21-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1956-36-0x0000000003F00000-0x0000000003F17000-memory.dmp

Filesize
92KB

Download
memory/1956-35-0x0000000003F00000-0x0000000003F17000-memory.dmp

Filesize
92KB

Download
memory/1956-45-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1956-44-0x0000000004040000-0x0000000004057000-memory.dmp

Filesize
92KB

Download
memory/2012-294-0x00000000032B0000-0x00000000032C7000-memory.dmp

Filesize
92KB

Download
memory/2012-293-0x00000000032B0000-0x00000000032C7000-memory.dmp

Filesize
92KB

Download
memory/2012-295-0x00000000032B0000-0x00000000032C7000-memory.dmp

Filesize
92KB

Download
memory/2012-298-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2012-296-0x00000000032B0000-0x00000000032C7000-memory.dmp

Filesize
92KB

Download
memory/2012-281-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2024-111-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2024-89-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2024-109-0x00000000032B0000-0x00000000032C7000-memory.dmp

Filesize
92KB

Download
memory/2024-108-0x00000000032B0000-0x00000000032C7000-memory.dmp

Filesize
92KB

Download
memory/2024-107-0x00000000032B0000-0x00000000032C7000-memory.dmp

Filesize
92KB

Download
memory/2120-297-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2120-313-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2120-310-0x00000000032D0000-0x00000000032E7000-memory.dmp

Filesize
92KB

Download
memory/2120-311-0x00000000032E0000-0x00000000032F7000-memory.dmp

Filesize
92KB

Download
memory/2120-312-0x00000000032E0000-0x00000000032F7000-memory.dmp

Filesize
92KB

Download
memory/2252-365-0x0000000003AE0000-0x0000000003AF7000-memory.dmp

Filesize
92KB

Download
memory/2252-356-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2252-366-0x0000000003AE0000-0x0000000003AF7000-memory.dmp

Filesize
92KB

Download
memory/2252-371-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2300-128-0x0000000003600000-0x0000000003617000-memory.dmp

Filesize
92KB

Download
memory/2300-129-0x0000000003600000-0x0000000003617000-memory.dmp

Filesize
92KB

Download
memory/2300-132-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2496-167-0x0000000003370000-0x0000000003387000-memory.dmp

Filesize
92KB

Download
memory/2496-152-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2496-171-0x0000000003370000-0x0000000003387000-memory.dmp

Filesize
92KB

Download
memory/2496-172-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2556-63-0x0000000003D90000-0x0000000003DA7000-memory.dmp

Filesize
92KB

Download
memory/2556-65-0x0000000003DA0000-0x0000000003DB7000-memory.dmp

Filesize
92KB

Download
memory/2556-64-0x0000000003DA0000-0x0000000003DB7000-memory.dmp

Filesize
92KB

Download
memory/2556-67-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2556-62-0x0000000003D90000-0x0000000003DA7000-memory.dmp

Filesize
92KB

Download
memory/2612-400-0x0000000003A30000-0x0000000003A47000-memory.dmp

Filesize
92KB

Download
memory/2612-386-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2612-402-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2612-401-0x0000000003A30000-0x0000000003A47000-memory.dmp

Filesize
92KB

Download
memory/2612-399-0x0000000003A30000-0x0000000003A47000-memory.dmp

Filesize
92KB

Download
memory/2684-231-0x0000000004030000-0x0000000004047000-memory.dmp

Filesize
92KB

Download
memory/2684-234-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2684-215-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2684-232-0x0000000004030000-0x0000000004047000-memory.dmp

Filesize
92KB

Download
memory/2868-85-0x0000000002410000-0x0000000002427000-memory.dmp

Filesize
92KB

Download
memory/2868-84-0x0000000002410000-0x0000000002427000-memory.dmp

Filesize
92KB

Download
memory/2868-90-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2868-87-0x0000000002420000-0x0000000002437000-memory.dmp

Filesize
92KB

Download
memory/2868-86-0x0000000002420000-0x0000000002437000-memory.dmp

Filesize
92KB

Download
memory/2940-2239-0x0000000076F00000-0x000000007701F000-memory.dmp

Filesize
1.1MB

Download
memory/2940-2240-0x0000000076E00000-0x0000000076EFA000-memory.dmp

Filesize
1000KB

Download
memory/3032-247-0x0000000003E20000-0x0000000003E37000-memory.dmp

Filesize
92KB

Download
memory/3032-248-0x0000000004030000-0x0000000004047000-memory.dmp

Filesize
92KB

Download
memory/3032-249-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3032-233-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3032-246-0x0000000003E20000-0x0000000003E37000-memory.dmp

Filesize
92KB

Download