62bf42b5350c08db60103ba2bab6cb5cbee74b40c95d3742cd2e346451cd5179

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe
Size

316KB
MD5

7b9b659a8deb0d70fbfc120326766e30
SHA1

929def45e95b47b710f57fa2a62d46df191a83e3
SHA256

62bf42b5350c08db60103ba2bab6cb5cbee74b40c95d3742cd2e346451cd5179
SHA512

b6b77da2d81e0543e86086b75f8051dc6452c02e31bfc81dd3b819e6d0436edaed9d73362c81b2dfa390b3335180d81c1f3a7281547587af04070c5ae2a0bf82
SSDEEP

3072:mYUb5QoJ4g+LsP9iGqT8ZjKIz1ZdW4SrOLVSVpe1GhpSBfm4:mY699qT8hKSZI4zLVSVpe1GvOfV

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 64 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wqqlwd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wrlyypbup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wtil.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wesospv.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wmcupico.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wamyu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wyfahnfum.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	woaqg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wrh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wosho.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wkcumc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wxiopxel.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wlhgxpe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wlehatxvc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wyrkjuf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wktwtgfb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wfbemfwn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wprouogd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wlddaxxr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wnjikht.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wbotjc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	waqg.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wdn.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	way.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wau.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wpvkb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wwehsah.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wwagoe.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wniluimb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wdkm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	whxbrmyl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wgdjodc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wgjqcu.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wsoaswa.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wiuyuf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wyotc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wrinvck.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wodyt.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	woyime.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wfkqr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wwhlvi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wswm.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	waps.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wnbeobs.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wrswh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	warbj.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wkuy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wkggew.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wbqdxod.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	whauc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wcr.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wxxsns.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wupvavb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wvbqnks.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wertwmjns.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wfssem.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wto.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wsltnmh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wfmhy.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wmc.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wxa.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wnuwa.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	wejnu.exe

Executes dropped EXE 64 IoCs

pid	Process
3768	wlhgxpe.exe
5112	way.exe
1764	wvbqnks.exe
1908	wnuwa.exe
892	wrswh.exe
4592	wwfliye.exe
4396	warbj.exe
4368	wau.exe
2360	wejnu.exe
1440	wwagoe.exe
4340	wkggew.exe
724	wkuy.exe
4192	wtil.exe
5104	wnogkfgd.exe
2384	wodyt.exe
4924	waohbw.exe
5020	wgdsmdy.exe
5028	wayssi.exe
1632	wvnplne.exe
4592	wfgd.exe
3536	wvqjfbq.exe
3968	wtutkpey.exe
2392	wmw.exe
1044	wwhlvi.exe
3316	wpvkb.exe
4192	woyime.exe
912	wesospv.exe
2176	wlctrk.exe
1964	wbmpq.exe
2252	wmxpx.exe
2684	wertwmjns.exe
2604	wfbemfwn.exe
3616	wnjikht.exe
4540	wlehatxvc.exe
1028	wmcupico.exe
1200	wiuyuf.exe
3444	wfssem.exe
2200	wswm.exe
4380	wqqlwd.exe
4344	wtgxhm.exe
2136	wbqdxod.exe
3984	wniluimb.exe
4900	wrhk.exe
3656	wto.exe
2368	wcice.exe
1964	waps.exe
4628	wyotc.exe
1736	whauc.exe
3316	wsltnmh.exe
924	woaqg.exe
1548	wrinvck.exe
716	wfmhy.exe
2652	wbotjc.exe
4568	whxbrmyl.exe
4632	wprouogd.exe
640	wdkm.exe
4848	wdtmwy.exe
216	wamyu.exe
2756	wgdjodc.exe
1200	wrfhiawqb.exe
2244	wnbeobs.exe
5108	wlddaxxr.exe
2952	waqg.exe
4892	wmc.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\wkkub.exe	wbqhvaiv.exe
File created	C:\Windows\SysWOW64\wbmpq.exe	wlctrk.exe
File created	C:\Windows\SysWOW64\wfbemfwn.exe	wertwmjns.exe
File opened for modification	C:\Windows\SysWOW64\wpyhwsy.exe	waplwi.exe
File created	C:\Windows\SysWOW64\wtgko.exe	wtai.exe
File created	C:\Windows\SysWOW64\wamyu.exe	wdtmwy.exe
File created	C:\Windows\SysWOW64\wau.exe	warbj.exe
File opened for modification	C:\Windows\SysWOW64\wtgxhm.exe	wqqlwd.exe
File created	C:\Windows\SysWOW64\wmc.exe	waqg.exe
File opened for modification	C:\Windows\SysWOW64\wbqhvaiv.exe	wyfdn.exe
File opened for modification	C:\Windows\SysWOW64\wtil.exe	wkuy.exe
File opened for modification	C:\Windows\SysWOW64\wesospv.exe	woyime.exe
File created	C:\Windows\SysWOW64\wrlyypbup.exe	wmc.exe
File opened for modification	C:\Windows\SysWOW64\wtai.exe	wfst.exe
File created	C:\Windows\SysWOW64\way.exe	wlhgxpe.exe
File opened for modification	C:\Windows\SysWOW64\wbqdxod.exe	wtgxhm.exe
File created	C:\Windows\SysWOW64\wrhk.exe	wniluimb.exe
File opened for modification	C:\Windows\SysWOW64\wamyu.exe	wdtmwy.exe
File opened for modification	C:\Windows\SysWOW64\wfgd.exe	wvnplne.exe
File opened for modification	C:\Windows\SysWOW64\wgdjodc.exe	wamyu.exe
File opened for modification	C:\Windows\SysWOW64\wvbqnks.exe	way.exe
File created	C:\Windows\SysWOW64\wwtlu.exe	wxxsns.exe
File created	C:\Windows\SysWOW64\wfmhy.exe	wrinvck.exe
File created	C:\Windows\SysWOW64\wdkm.exe	wprouogd.exe
File created	C:\Windows\SysWOW64\wosho.exe	wrh.exe
File created	C:\Windows\SysWOW64\wlyrecb.exe	wtgko.exe
File created	C:\Windows\SysWOW64\wbffyr.exe	wlyrecb.exe
File opened for modification	C:\Windows\SysWOW64\wnuwa.exe	wvbqnks.exe
File opened for modification	C:\Windows\SysWOW64\wayssi.exe	wgdsmdy.exe
File created	C:\Windows\SysWOW64\wmxpx.exe	wbmpq.exe
File opened for modification	C:\Windows\SysWOW64\wbotjc.exe	wfmhy.exe
File opened for modification	C:\Windows\SysWOW64\wdn.exe	wkkub.exe
File opened for modification	C:\Windows\SysWOW64\wwehsah.exe	wktwtgfb.exe
File created	C:\Windows\SysWOW64\warbj.exe	wwfliye.exe
File created	C:\Windows\SysWOW64\wkggew.exe	wwagoe.exe
File created	C:\Windows\SysWOW64\wniluimb.exe	wbqdxod.exe
File opened for modification	C:\Windows\SysWOW64\wcr.exe	wfntakw.exe
File created	C:\Windows\SysWOW64\wxa.exe	wyrkjuf.exe
File created	C:\Windows\SysWOW64\waohbw.exe	wodyt.exe
File created	C:\Windows\SysWOW64\wyotc.exe	waps.exe
File opened for modification	C:\Windows\SysWOW64\wswm.exe	wfssem.exe
File opened for modification	C:\Windows\SysWOW64\wfkqr.exe	wlbyl.exe
File created	C:\Windows\SysWOW64\wqfcp.exe	wucoelioe.exe
File opened for modification	C:\Windows\SysWOW64\wtutkpey.exe	wvqjfbq.exe
File opened for modification	C:\Windows\SysWOW64\whxbrmyl.exe	wbotjc.exe
File opened for modification	C:\Windows\SysWOW64\wnbeobs.exe	wrfhiawqb.exe
File created	C:\Windows\SysWOW64\wtvvgav.exe	wcr.exe
File created	C:\Windows\SysWOW64\wgjqcu.exe	wfkqr.exe
File created	C:\Windows\SysWOW64\wsoaswa.exe	wupvavb.exe
File created	C:\Windows\SysWOW64\wodyt.exe	wnogkfgd.exe
File created	C:\Windows\SysWOW64\wnjikht.exe	wfbemfwn.exe
File created	C:\Windows\SysWOW64\wwagoe.exe	wejnu.exe
File opened for modification	C:\Windows\SysWOW64\wvnplne.exe	wayssi.exe
File opened for modification	C:\Windows\SysWOW64\wdtmwy.exe	wdkm.exe
File created	C:\Windows\SysWOW64\wdn.exe	wkkub.exe
File created	C:\Windows\SysWOW64\wwehsah.exe	wktwtgfb.exe
File opened for modification	C:\Windows\SysWOW64\wlctrk.exe	wesospv.exe
File created	C:\Windows\SysWOW64\wucoelioe.exe	wgjqcu.exe
File opened for modification	C:\Windows\SysWOW64\wosho.exe	wrh.exe
File opened for modification	C:\Windows\SysWOW64\wpvkb.exe	wwhlvi.exe
File created	C:\Windows\SysWOW64\wlddaxxr.exe	wnbeobs.exe
File opened for modification	C:\Windows\SysWOW64\wtvvgav.exe	wcr.exe
File created	C:\Windows\SysWOW64\wbqhvaiv.exe	wyfdn.exe
File created	C:\Windows\SysWOW64\wvbqnks.exe	way.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 18 IoCs

pid	pid_target	Process	procid_target
2716	3768	WerFault.exe	85
3016	1764	WerFault.exe	97
1348	892	WerFault.exe	108
4392	5028	WerFault.exe	153
4704	5028	WerFault.exe	153
1172	1964	WerFault.exe	192
4284	4540	WerFault.exe	209
2976	2136	WerFault.exe	234
4500	3656	WerFault.exe	245
5044	1736	WerFault.exe	259
216	3316	WerFault.exe	262
1140	924	WerFault.exe	267
3608	924	WerFault.exe	267
3360	924	WerFault.exe	333
1892	5020	WerFault.exe	341
2776	3128	WerFault.exe	352
752	3128	WerFault.exe	352
1892	4576	WerFault.exe	403

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 3768	864	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	85
PID 864 wrote to memory of 3768	864	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	85
PID 864 wrote to memory of 3768	864	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	85
PID 864 wrote to memory of 2520	864	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	87
PID 864 wrote to memory of 2520	864	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	87
PID 864 wrote to memory of 2520	864	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	87
PID 3768 wrote to memory of 5112	3768	wlhgxpe.exe	89
PID 3768 wrote to memory of 5112	3768	wlhgxpe.exe	89
PID 3768 wrote to memory of 5112	3768	wlhgxpe.exe	89
PID 3768 wrote to memory of 3888	3768	wlhgxpe.exe	90
PID 3768 wrote to memory of 3888	3768	wlhgxpe.exe	90
PID 3768 wrote to memory of 3888	3768	wlhgxpe.exe	90
PID 5112 wrote to memory of 1764	5112	way.exe	97
PID 5112 wrote to memory of 1764	5112	way.exe	97
PID 5112 wrote to memory of 1764	5112	way.exe	97
PID 5112 wrote to memory of 1264	5112	way.exe	98
PID 5112 wrote to memory of 1264	5112	way.exe	98
PID 5112 wrote to memory of 1264	5112	way.exe	98
PID 1764 wrote to memory of 1908	1764	wvbqnks.exe	101
PID 1764 wrote to memory of 1908	1764	wvbqnks.exe	101
PID 1764 wrote to memory of 1908	1764	wvbqnks.exe	101
PID 1764 wrote to memory of 3396	1764	wvbqnks.exe	102
PID 1764 wrote to memory of 3396	1764	wvbqnks.exe	102
PID 1764 wrote to memory of 3396	1764	wvbqnks.exe	102
PID 1908 wrote to memory of 892	1908	wnuwa.exe	108
PID 1908 wrote to memory of 892	1908	wnuwa.exe	108
PID 1908 wrote to memory of 892	1908	wnuwa.exe	108
PID 1908 wrote to memory of 4380	1908	wnuwa.exe	109
PID 1908 wrote to memory of 4380	1908	wnuwa.exe	109
PID 1908 wrote to memory of 4380	1908	wnuwa.exe	109
PID 892 wrote to memory of 4592	892	wrswh.exe	112
PID 892 wrote to memory of 4592	892	wrswh.exe	112
PID 892 wrote to memory of 4592	892	wrswh.exe	112
PID 892 wrote to memory of 2580	892	wrswh.exe	113
PID 892 wrote to memory of 2580	892	wrswh.exe	113
PID 892 wrote to memory of 2580	892	wrswh.exe	113
PID 4592 wrote to memory of 4396	4592	wwfliye.exe	117
PID 4592 wrote to memory of 4396	4592	wwfliye.exe	117
PID 4592 wrote to memory of 4396	4592	wwfliye.exe	117
PID 4592 wrote to memory of 3516	4592	wwfliye.exe	118
PID 4592 wrote to memory of 3516	4592	wwfliye.exe	118
PID 4592 wrote to memory of 3516	4592	wwfliye.exe	118
PID 4396 wrote to memory of 4368	4396	warbj.exe	121
PID 4396 wrote to memory of 4368	4396	warbj.exe	121
PID 4396 wrote to memory of 4368	4396	warbj.exe	121
PID 4396 wrote to memory of 3340	4396	warbj.exe	122
PID 4396 wrote to memory of 3340	4396	warbj.exe	122
PID 4396 wrote to memory of 3340	4396	warbj.exe	122
PID 4368 wrote to memory of 2360	4368	wau.exe	124
PID 4368 wrote to memory of 2360	4368	wau.exe	124
PID 4368 wrote to memory of 2360	4368	wau.exe	124
PID 4368 wrote to memory of 5040	4368	wau.exe	125
PID 4368 wrote to memory of 5040	4368	wau.exe	125
PID 4368 wrote to memory of 5040	4368	wau.exe	125
PID 2360 wrote to memory of 1440	2360	wejnu.exe	127
PID 2360 wrote to memory of 1440	2360	wejnu.exe	127
PID 2360 wrote to memory of 1440	2360	wejnu.exe	127
PID 2360 wrote to memory of 2088	2360	wejnu.exe	128
PID 2360 wrote to memory of 2088	2360	wejnu.exe	128
PID 2360 wrote to memory of 2088	2360	wejnu.exe	128
PID 1440 wrote to memory of 4340	1440	wwagoe.exe	130
PID 1440 wrote to memory of 4340	1440	wwagoe.exe	130
PID 1440 wrote to memory of 4340	1440	wwagoe.exe	130
PID 1440 wrote to memory of 4380	1440	wwagoe.exe	131

C:\Users\Admin\AppData\Local\Temp\7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\SysWOW64\wlhgxpe.exe
  "C:\Windows\system32\wlhgxpe.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:3768
- - C:\Windows\SysWOW64\way.exe
    "C:\Windows\system32\way.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:5112
  - - C:\Windows\SysWOW64\wvbqnks.exe
      "C:\Windows\system32\wvbqnks.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:1764
    - - C:\Windows\SysWOW64\wnuwa.exe
        
        "C:\Windows\system32\wnuwa.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1908
      - C:\Windows\SysWOW64\wrswh.exe
        
        "C:\Windows\system32\wrswh.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:892
        
        C:\Windows\SysWOW64\wwfliye.exe
        
        "C:\Windows\system32\wwfliye.exe"
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4592
        
        C:\Windows\SysWOW64\warbj.exe
        
        "C:\Windows\system32\warbj.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4396
        
        C:\Windows\SysWOW64\wau.exe
        
        "C:\Windows\system32\wau.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4368
        
        C:\Windows\SysWOW64\wejnu.exe
        
        "C:\Windows\system32\wejnu.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2360
        
        C:\Windows\SysWOW64\wwagoe.exe
        
        "C:\Windows\system32\wwagoe.exe"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1440
        
        C:\Windows\SysWOW64\wkggew.exe
        
        "C:\Windows\system32\wkggew.exe"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4340
        
        C:\Windows\SysWOW64\wkuy.exe
        
        "C:\Windows\system32\wkuy.exe"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:724
        
        C:\Windows\SysWOW64\wtil.exe
        
        "C:\Windows\system32\wtil.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4192
        
        C:\Windows\SysWOW64\wnogkfgd.exe
        
        "C:\Windows\system32\wnogkfgd.exe"
        15⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5104
        
        C:\Windows\SysWOW64\wodyt.exe
        
        "C:\Windows\system32\wodyt.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2384
        
        C:\Windows\SysWOW64\waohbw.exe
        
        "C:\Windows\system32\waohbw.exe"
        17⤵
        Executes dropped EXE
        
        PID:4924
        
        C:\Windows\SysWOW64\wgdsmdy.exe
        
        "C:\Windows\system32\wgdsmdy.exe"
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5020
        
        C:\Windows\SysWOW64\wayssi.exe
        
        "C:\Windows\system32\wayssi.exe"
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:5028
        
        C:\Windows\SysWOW64\wvnplne.exe
        
        "C:\Windows\system32\wvnplne.exe"
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1632
        
        C:\Windows\SysWOW64\wfgd.exe
        
        "C:\Windows\system32\wfgd.exe"
        21⤵
        Executes dropped EXE
        
        PID:4592
        
        C:\Windows\SysWOW64\wvqjfbq.exe
        
        "C:\Windows\system32\wvqjfbq.exe"
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3536
        
        C:\Windows\SysWOW64\wtutkpey.exe
        
        "C:\Windows\system32\wtutkpey.exe"
        23⤵
        Executes dropped EXE
        
        PID:3968
        
        C:\Windows\SysWOW64\wmw.exe
        
        "C:\Windows\system32\wmw.exe"
        24⤵
        Executes dropped EXE
        
        PID:2392
        
        C:\Windows\SysWOW64\wwhlvi.exe
        
        "C:\Windows\system32\wwhlvi.exe"
        25⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1044
        
        C:\Windows\SysWOW64\wpvkb.exe
        
        "C:\Windows\system32\wpvkb.exe"
        26⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3316
        
        C:\Windows\SysWOW64\woyime.exe
        
        "C:\Windows\system32\woyime.exe"
        27⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4192
        
        C:\Windows\SysWOW64\wesospv.exe
        
        "C:\Windows\system32\wesospv.exe"
        28⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:912
        
        C:\Windows\SysWOW64\wlctrk.exe
        
        "C:\Windows\system32\wlctrk.exe"
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2176
        
        C:\Windows\SysWOW64\wbmpq.exe
        
        "C:\Windows\system32\wbmpq.exe"
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1964
        
        C:\Windows\SysWOW64\wmxpx.exe
        
        "C:\Windows\system32\wmxpx.exe"
        31⤵
        Executes dropped EXE
        
        PID:2252
        
        C:\Windows\SysWOW64\wertwmjns.exe
        
        "C:\Windows\system32\wertwmjns.exe"
        32⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2684
        
        C:\Windows\SysWOW64\wfbemfwn.exe
        
        "C:\Windows\system32\wfbemfwn.exe"
        33⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2604
        
        C:\Windows\SysWOW64\wnjikht.exe
        
        "C:\Windows\system32\wnjikht.exe"
        34⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3616
        
        C:\Windows\SysWOW64\wlehatxvc.exe
        
        "C:\Windows\system32\wlehatxvc.exe"
        35⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4540
        
        C:\Windows\SysWOW64\wmcupico.exe
        
        "C:\Windows\system32\wmcupico.exe"
        36⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1028
        
        C:\Windows\SysWOW64\wiuyuf.exe
        
        "C:\Windows\system32\wiuyuf.exe"
        37⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1200
        
        C:\Windows\SysWOW64\wfssem.exe
        
        "C:\Windows\system32\wfssem.exe"
        38⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3444
        
        C:\Windows\SysWOW64\wswm.exe
        
        "C:\Windows\system32\wswm.exe"
        39⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2200
        
        C:\Windows\SysWOW64\wqqlwd.exe
        
        "C:\Windows\system32\wqqlwd.exe"
        40⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4380
        
        C:\Windows\SysWOW64\wtgxhm.exe
        
        "C:\Windows\system32\wtgxhm.exe"
        41⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4344
        
        C:\Windows\SysWOW64\wbqdxod.exe
        
        "C:\Windows\system32\wbqdxod.exe"
        42⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2136
        
        C:\Windows\SysWOW64\wniluimb.exe
        
        "C:\Windows\system32\wniluimb.exe"
        43⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3984
        
        C:\Windows\SysWOW64\wrhk.exe
        
        "C:\Windows\system32\wrhk.exe"
        44⤵
        Executes dropped EXE
        
        PID:4900
        
        C:\Windows\SysWOW64\wto.exe
        
        "C:\Windows\system32\wto.exe"
        45⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3656
        
        C:\Windows\SysWOW64\wcice.exe
        
        "C:\Windows\system32\wcice.exe"
        46⤵
        Executes dropped EXE
        
        PID:2368
        
        C:\Windows\SysWOW64\waps.exe
        
        "C:\Windows\system32\waps.exe"
        47⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1964
        
        C:\Windows\SysWOW64\wyotc.exe
        
        "C:\Windows\system32\wyotc.exe"
        48⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4628
        
        C:\Windows\SysWOW64\whauc.exe
        
        "C:\Windows\system32\whauc.exe"
        49⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1736
        
        C:\Windows\SysWOW64\wsltnmh.exe
        
        "C:\Windows\system32\wsltnmh.exe"
        50⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3316
        
        C:\Windows\SysWOW64\woaqg.exe
        
        "C:\Windows\system32\woaqg.exe"
        51⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:924
        
        C:\Windows\SysWOW64\wrinvck.exe
        
        "C:\Windows\system32\wrinvck.exe"
        52⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1548
        
        C:\Windows\SysWOW64\wfmhy.exe
        
        "C:\Windows\system32\wfmhy.exe"
        53⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:716
        
        C:\Windows\SysWOW64\wbotjc.exe
        
        "C:\Windows\system32\wbotjc.exe"
        54⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2652
        
        C:\Windows\SysWOW64\whxbrmyl.exe
        
        "C:\Windows\system32\whxbrmyl.exe"
        55⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4568
        
        C:\Windows\SysWOW64\wprouogd.exe
        
        "C:\Windows\system32\wprouogd.exe"
        56⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4632
        
        C:\Windows\SysWOW64\wdkm.exe
        
        "C:\Windows\system32\wdkm.exe"
        57⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:640
        
        C:\Windows\SysWOW64\wdtmwy.exe
        
        "C:\Windows\system32\wdtmwy.exe"
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4848
        
        C:\Windows\SysWOW64\wamyu.exe
        
        "C:\Windows\system32\wamyu.exe"
        59⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:216
        
        C:\Windows\SysWOW64\wgdjodc.exe
        
        "C:\Windows\system32\wgdjodc.exe"
        60⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2756
        
        C:\Windows\SysWOW64\wrfhiawqb.exe
        
        "C:\Windows\system32\wrfhiawqb.exe"
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1200
        
        C:\Windows\SysWOW64\wnbeobs.exe
        
        "C:\Windows\system32\wnbeobs.exe"
        62⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2244
        
        C:\Windows\SysWOW64\wlddaxxr.exe
        
        "C:\Windows\system32\wlddaxxr.exe"
        63⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5108
        
        C:\Windows\SysWOW64\waqg.exe
        
        "C:\Windows\system32\waqg.exe"
        64⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2952
        
        C:\Windows\SysWOW64\wmc.exe
        
        "C:\Windows\system32\wmc.exe"
        65⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4892
        
        C:\Windows\SysWOW64\wrlyypbup.exe
        
        "C:\Windows\system32\wrlyypbup.exe"
        66⤵
        Checks computer location settings
        
        PID:4004
        
        C:\Windows\SysWOW64\wfntakw.exe
        
        "C:\Windows\system32\wfntakw.exe"
        67⤵
        Drops file in System32 directory
        
        PID:3316
        
        C:\Windows\SysWOW64\wcr.exe
        
        "C:\Windows\system32\wcr.exe"
        68⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2016
        
        C:\Windows\SysWOW64\wtvvgav.exe
        
        "C:\Windows\system32\wtvvgav.exe"
        69⤵
        
        PID:924
        
        C:\Windows\SysWOW64\wyfdn.exe
        
        "C:\Windows\system32\wyfdn.exe"
        70⤵
        Drops file in System32 directory
        
        PID:4608
        
        C:\Windows\SysWOW64\wbqhvaiv.exe
        
        "C:\Windows\system32\wbqhvaiv.exe"
        71⤵
        Drops file in System32 directory
        
        PID:5020
        
        C:\Windows\SysWOW64\wkkub.exe
        
        "C:\Windows\system32\wkkub.exe"
        72⤵
        Drops file in System32 directory
        
        PID:4364
        
        C:\Windows\SysWOW64\wdn.exe
        
        "C:\Windows\system32\wdn.exe"
        73⤵
        Checks computer location settings
        
        PID:3684
        
        C:\Windows\SysWOW64\wyfahnfum.exe
        
        "C:\Windows\system32\wyfahnfum.exe"
        74⤵
        Checks computer location settings
        
        PID:3128
        
        C:\Windows\SysWOW64\waplwi.exe
        
        "C:\Windows\system32\waplwi.exe"
        75⤵
        Drops file in System32 directory
        
        PID:3120
        
        C:\Windows\SysWOW64\wpyhwsy.exe
        
        "C:\Windows\system32\wpyhwsy.exe"
        76⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\wyrkjuf.exe
        
        "C:\Windows\system32\wyrkjuf.exe"
        77⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4556
        
        C:\Windows\SysWOW64\wxa.exe
        
        "C:\Windows\system32\wxa.exe"
        78⤵
        Checks computer location settings
        
        PID:3708
        
        C:\Windows\SysWOW64\wktwtgfb.exe
        
        "C:\Windows\system32\wktwtgfb.exe"
        79⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2464
        
        C:\Windows\SysWOW64\wwehsah.exe
        
        "C:\Windows\system32\wwehsah.exe"
        80⤵
        Checks computer location settings
        
        PID:2724
        
        C:\Windows\SysWOW64\wrh.exe
        
        "C:\Windows\system32\wrh.exe"
        81⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:4188
        
        C:\Windows\SysWOW64\wosho.exe
        
        "C:\Windows\system32\wosho.exe"
        82⤵
        Checks computer location settings
        
        PID:2244
        
        C:\Windows\SysWOW64\wkcumc.exe
        
        "C:\Windows\system32\wkcumc.exe"
        83⤵
        Checks computer location settings
        
        PID:5108
        
        C:\Windows\SysWOW64\wxiopxel.exe
        
        "C:\Windows\system32\wxiopxel.exe"
        84⤵
        Checks computer location settings
        
        PID:4992
        
        C:\Windows\SysWOW64\wlbyl.exe
        
        "C:\Windows\system32\wlbyl.exe"
        85⤵
        Drops file in System32 directory
        
        PID:4284
        
        C:\Windows\SysWOW64\wfkqr.exe
        
        "C:\Windows\system32\wfkqr.exe"
        86⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2136
        
        C:\Windows\SysWOW64\wgjqcu.exe
        
        "C:\Windows\system32\wgjqcu.exe"
        87⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2416
        
        C:\Windows\SysWOW64\wucoelioe.exe
        
        "C:\Windows\system32\wucoelioe.exe"
        88⤵
        Drops file in System32 directory
        
        PID:2696
        
        C:\Windows\SysWOW64\wqfcp.exe
        
        "C:\Windows\system32\wqfcp.exe"
        89⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\wxxsns.exe
        
        "C:\Windows\system32\wxxsns.exe"
        90⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2532
        
        C:\Windows\SysWOW64\wwtlu.exe
        
        "C:\Windows\system32\wwtlu.exe"
        91⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\wupvavb.exe
        
        "C:\Windows\system32\wupvavb.exe"
        92⤵
        Checks computer location settings
        Drops file in System32 directory
        
        PID:2668
        
        C:\Windows\SysWOW64\wsoaswa.exe
        
        "C:\Windows\system32\wsoaswa.exe"
        93⤵
        Checks computer location settings
        
        PID:4304
        
        C:\Windows\SysWOW64\wfst.exe
        
        "C:\Windows\system32\wfst.exe"
        94⤵
        Drops file in System32 directory
        
        PID:1856
        
        C:\Windows\SysWOW64\wtai.exe
        
        "C:\Windows\system32\wtai.exe"
        95⤵
        Drops file in System32 directory
        
        PID:3680
        
        C:\Windows\SysWOW64\wtgko.exe
        
        "C:\Windows\system32\wtgko.exe"
        96⤵
        Drops file in System32 directory
        
        PID:736
        
        C:\Windows\SysWOW64\wlyrecb.exe
        
        "C:\Windows\system32\wlyrecb.exe"
        97⤵
        Drops file in System32 directory
        
        PID:1068
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtgko.exe"
        97⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtai.exe"
        96⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfst.exe"
        95⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsoaswa.exe"
        94⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wupvavb.exe"
        93⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwtlu.exe"
        92⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxxsns.exe"
        91⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqfcp.exe"
        90⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 1644
        90⤵
        Program crash
        
        PID:1892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wucoelioe.exe"
        89⤵
        
        PID:924
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgjqcu.exe"
        88⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfkqr.exe"
        87⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlbyl.exe"
        86⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxiopxel.exe"
        85⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkcumc.exe"
        84⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wosho.exe"
        83⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrh.exe"
        82⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwehsah.exe"
        81⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wktwtgfb.exe"
        80⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxa.exe"
        79⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyrkjuf.exe"
        78⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpyhwsy.exe"
        77⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waplwi.exe"
        76⤵
        
        PID:3276
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyfahnfum.exe"
        75⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 116
        75⤵
        Program crash
        
        PID:2776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 1536
        75⤵
        Program crash
        
        PID:752
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdn.exe"
        74⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkkub.exe"
        73⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbqhvaiv.exe"
        72⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 116
        72⤵
        Program crash
        
        PID:1892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyfdn.exe"
        71⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtvvgav.exe"
        70⤵
        
        PID:668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 1504
        70⤵
        Program crash
        
        PID:3360
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcr.exe"
        69⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfntakw.exe"
        68⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrlyypbup.exe"
        67⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmc.exe"
        66⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waqg.exe"
        65⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlddaxxr.exe"
        64⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnbeobs.exe"
        63⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrfhiawqb.exe"
        62⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgdjodc.exe"
        61⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wamyu.exe"
        60⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdtmwy.exe"
        59⤵
        
        PID:880
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdkm.exe"
        58⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wprouogd.exe"
        57⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whxbrmyl.exe"
        56⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbotjc.exe"
        55⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfmhy.exe"
        54⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrinvck.exe"
        53⤵
        
        PID:2232
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woaqg.exe"
        52⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 1132
        52⤵
        Program crash
        
        PID:1140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 116
        52⤵
        Program crash
        
        PID:3608
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsltnmh.exe"
        51⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 1432
        51⤵
        Program crash
        
        PID:216
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whauc.exe"
        50⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 1700
        50⤵
        Program crash
        
        PID:5044
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyotc.exe"
        49⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waps.exe"
        48⤵
        
        PID:420
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcice.exe"
        47⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wto.exe"
        46⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 1068
        46⤵
        Program crash
        
        PID:4500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrhk.exe"
        45⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wniluimb.exe"
        44⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbqdxod.exe"
        43⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 1676
        43⤵
        Program crash
        
        PID:2976
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtgxhm.exe"
        42⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqqlwd.exe"
        41⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wswm.exe"
        40⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfssem.exe"
        39⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiuyuf.exe"
        38⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmcupico.exe"
        37⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlehatxvc.exe"
        36⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 1536
        36⤵
        Program crash
        
        PID:4284
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnjikht.exe"
        35⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfbemfwn.exe"
        34⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wertwmjns.exe"
        33⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmxpx.exe"
        32⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbmpq.exe"
        31⤵
        
        PID:764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 1568
        31⤵
        Program crash
        
        PID:1172
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlctrk.exe"
        30⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wesospv.exe"
        29⤵
        
        PID:668
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woyime.exe"
        28⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpvkb.exe"
        27⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwhlvi.exe"
        26⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmw.exe"
        25⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtutkpey.exe"
        24⤵
        
        PID:744
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvqjfbq.exe"
        23⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfgd.exe"
        22⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvnplne.exe"
        21⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wayssi.exe"
        20⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 660
        20⤵
        Program crash
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 656
        20⤵
        Program crash
        
        PID:4704
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgdsmdy.exe"
        19⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waohbw.exe"
        18⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wodyt.exe"
        17⤵
        
        PID:3164
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnogkfgd.exe"
        16⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtil.exe"
        15⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkuy.exe"
        14⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkggew.exe"
        13⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwagoe.exe"
        12⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wejnu.exe"
        11⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wau.exe"
        10⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\warbj.exe"
        9⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwfliye.exe"
        8⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrswh.exe"
        7⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 1328
        7⤵
        Program crash
        
        PID:1348
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnuwa.exe"
        6⤵
        
        PID:4380
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvbqnks.exe"
        5⤵
        
        PID:3396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 1132
        5⤵
        Program crash
        
        PID:3016
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\way.exe"
      4⤵
      PID:1264
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlhgxpe.exe"
    3⤵
    PID:3888
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 1468
    3⤵
    - Program crash
    PID:2716
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe"
  2⤵
  PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3768 -ip 3768
1⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1764 -ip 1764
1⤵
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 892 -ip 892
1⤵
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5028 -ip 5028
1⤵
PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5028 -ip 5028
1⤵
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1964 -ip 1964
1⤵
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4540 -ip 4540
1⤵
PID:1896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2136 -ip 2136
1⤵
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3656 -ip 3656
1⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 1736 -ip 1736
1⤵
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3316 -ip 3316
1⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 924 -ip 924
1⤵
PID:1264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 924 -ip 924
1⤵
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 924 -ip 924
1⤵
PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 5020 -ip 5020
1⤵
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3128 -ip 3128
1⤵
PID:2568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 3128 -ip 3128
1⤵
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 4576 -ip 4576
1⤵
PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\waohbw.exe

Filesize
317KB

MD5
a0e0c0babf6e8e6b3478dd6e11a0ce14

SHA1
d5bf42eed238ba9dc7aff8a3c40c16f2caf55169

SHA256
97b9dfbd0b2ccdfc2cbef877bd0312c8a1799e8dbc461c90be38c9c1c517751f

SHA512
1fbb1075d7f9435605faa38c4be90a7bdfb94e60f31cbab0763823113df0e4456ff89551814d086fe3be7d8471388f1826ab893b9db03e0aa5412a4a5b4592cc

Download Submit
C:\Windows\SysWOW64\warbj.exe

Filesize
316KB

MD5
5718f2b0309ae258727ad4ad3bf4e66c

SHA1
fe42ea6e42153e7ed06911f654adb9a4835c251c

SHA256
275ceb1ffb7281ca40b29899fe4c63177bf2434ed918e04a8cdf00d6572f175b

SHA512
3cfe42f946063e8ebe294d17906bf605fd72a56aeacb20e53b23c949bd4866d81db6658b84ecddcfd97b7213d5acd3c39092ef7f3f411e2cecb4e9fc0a56ab09

Download Submit
C:\Windows\SysWOW64\wau.exe

Filesize
317KB

MD5
b1618a5087b8d4065a8f9237ac5d5fe5

SHA1
dd865c55cf8f004d4d3c724586fa6498f3b847f1

SHA256
d460f0954885774f553c90f7b8d46e18d3c1d0f041c49d78195af0d5da1b30d8

SHA512
1f8c1e3f93d727ef3029adbfdcac3726588f59f7002fd0495f1995b2e0ad6b15668c9a133330a491dfa1d713f6371293c74933699eaceca79d5369ef1ffa2ad1

Download Submit
C:\Windows\SysWOW64\way.exe

Filesize
316KB

MD5
ff4b80f07bcb952b0742393a59e72666

SHA1
3c9f14658352c84ccb6170cfb947e578acd7ed53

SHA256
d9fc108c016f6e905072fe3a3a2693b612cbd113d5cb37043e807b0ad639684d

SHA512
7cf3c599c63236bb62d7250dfe379de916f18bb980080ecaf3bd228d518fe6d0f5611652d9c655b3999978348330878c462a685443ed43dc6a2ebb7c1b79c012

Download Submit
C:\Windows\SysWOW64\wayssi.exe

Filesize
317KB

MD5
fe4097c03442d4f571b8f8af7d457ae5

SHA1
9ad4ca06dc44e24ccfe4a9b1113725f0b1cb7c0d

SHA256
c5d2ce0c2ef9a63f24cb96f589fe6f3869aa8b526e799a2abd2dd8aa30d0fb22

SHA512
29920e2296b405920651d65570339b1eef2f7124b104b3e9b94fddace8b19c5238971b1f76a31ff08955b5df1010696afa5dead133e3a1c4067fe3b0f8dc74f6

Download Submit
C:\Windows\SysWOW64\wbmpq.exe

Filesize
317KB

MD5
9186937dd8ce1e6643af4fece579ec33

SHA1
c8757bd30fa4f3b3c326bb0426798ffcac77f8cc

SHA256
7c03116411028b2be5ba7895ea7917045d4bad9d98606b188b9205c8c5de1ba2

SHA512
5d421700c1ff08a4de1032eb5b89e035a2c875aa71fc3265e6e8348d6c653157d2d87b3945606c1780cb8f8903945e96a47c08e42f8b374058466b17fe1685e3

Download Submit
C:\Windows\SysWOW64\wejnu.exe

Filesize
317KB

MD5
8d1f1b520df60b24da81c126f24ed152

SHA1
86fda0291f8af982f6e717ce168f376bd244a530

SHA256
68699d8ea142bd0a5aa48e0b82cd5d4cc8986bfc12be23365be0cae05ae2ca7c

SHA512
78a88325e4c0ea6bf2e2a83193bfbe9c4be0198731a48f637ac153639a8ea87004bec169a39b1c40651025dcb86a310f543797fcdf13fb9f8e7baeb9ff3230af

Download Submit
C:\Windows\SysWOW64\wertwmjns.exe

Filesize
317KB

MD5
9d1e5bbe79bebb991caddc25e9883187

SHA1
08fe8c9872bf6d8503d0233ad02f4d730dfe64c9

SHA256
e3b2f2c48172dc6e359cf07d59e7ab00af55d8195740cc79b815d39544b47602

SHA512
b1c3564b756cede300aab23516befabdb5c50da790e961d426166fe5cf7c79d80b51ed8a2e1e90771e37a2b5f81c03ede2f0b2ad4d125fad6fcebcffdff8925d

Download Submit
C:\Windows\SysWOW64\wesospv.exe

Filesize
317KB

MD5
2fd942a642c6c2857a6af9edd3b272b2

SHA1
12c709d56e6c989f511f8e423d748e896939d6a1

SHA256
40a165be4f37f1194c5356aa7fa5d14d548afa158ecf6e8c1fcc69f17c04c51c

SHA512
b58e697d7088dd48909130f09a89734fa675cb613444567c5ad137ea146b159ff88ac2e5b888c8d5ce5b330da37c75a58243c2f8e5b732258dfd10c014ba2ec0

Download Submit
C:\Windows\SysWOW64\wfbemfwn.exe

Filesize
317KB

MD5
59e6a0d14c3d2b5a08bacb9dba436361

SHA1
d07ee194ca52aedee220a15a99a1430c0c3a5191

SHA256
f600244174d7b807e1d5cf7eb8d8881e69e5d3c1eb85ed1ad0a464784bfc8e54

SHA512
0ce87f004e935d568184428594eb308e3fe2ecc903dd04c545ef5a2ea5564cf255e18f78c4d4bfc1f3bab7de3ec1a4b94cc8163eb3bad0ffd0bcb8e8adb20d68

Download Submit
C:\Windows\SysWOW64\wfgd.exe

Filesize
317KB

MD5
b0db2dcd164223a02a070f1ebc795de3

SHA1
3112130d26b95e7aaa2e0e162e45029a8918dc1b

SHA256
5f83f575fff87f6b2439282d6b2c4794cc89a3c07c03b1511bbab6ec1d56739e

SHA512
a59a750ebbb5ea53e2712a24b97c253d66e09c38e53d60196ee3f86528945b1c87d8dc2748e9a61b41237ce6fde1c078ae866c038ff5d10353d11122fc206b0f

Download Submit
C:\Windows\SysWOW64\wgdsmdy.exe

Filesize
317KB

MD5
1a203aacb26030c30d8e2914249027ca

SHA1
c0455b4e9af5444c9988b4df95651c1893790ec2

SHA256
8668ccac96248d5ac84c559a1f420743b16d91a5c0024b052dfe0df22c3949f5

SHA512
15f4182c3383c35144cccce4cee2c3c4448c379f4368576c679e5c06cec5994acfd84a50c062b102782319feb61efb330182905bbe2c06dc9d6cb4d6f2ba275c

Download Submit
C:\Windows\SysWOW64\wkggew.exe

Filesize
317KB

MD5
e37cd26cda24cd7700fc08e375295bf8

SHA1
bc0d2971b91576c5694bcb3a1fb942169384774f

SHA256
82cd5e59e8781ee500e8ddfe466aafd80f239026174479d74e40413636f03c35

SHA512
4db7217c2b245e4cb860fd9ad2f99db0f60066c37e931c8d3199034adbe926d2c8ef6c16416051d8cb9ed7c11161fda6bcb09918efb098b0567b3859ad6720fd

Download Submit
C:\Windows\SysWOW64\wkuy.exe

Filesize
317KB

MD5
368dda14512b98946d29c14412f31775

SHA1
e29023f72dbc59ce7a713863131839da4408b3fe

SHA256
0749f63c60a03ac29819e42337a7ae4ae99783ee99ac116698512f0a31907efa

SHA512
d68ef799754d7d95163abf024a6c0d6fa865ad426afbc0137764bcf0a34881c95a7677049059adcabd8adfe3e8505666f8e29fada3c82210fee5f948349879a9

Download Submit
C:\Windows\SysWOW64\wlctrk.exe

Filesize
317KB

MD5
59e9612f13a913f219080ccb327f8a58

SHA1
e477a466ca55388ed05a1064cdb7f45a483150a3

SHA256
1f5135bf7b2f58e6ff9df613d01d8e6fcf05b3123dc363c7e8794c6ce6554844

SHA512
304453081c73dec63ebc638012027c169f79e0b1e3dd97f6c4e7bf7d3bc799e6675ab64f431e1ee0d7d4f834fe81cc806c03330a44b67acb0e99a2d51a70b8c0

Download Submit
C:\Windows\SysWOW64\wlhgxpe.exe

Filesize
316KB

MD5
c17e6edcd9ad2042c6f8632daadc1c7e

SHA1
0cab84d47e406256153c36b15638d87ce7631318

SHA256
aa7aaff4c09d16b97e18429168c13a0ad1eb5daca0afb460422fa1fea9a4bf1d

SHA512
6c28476ff9c0b88227b340f7d16f667421c4edcb0605037673504bd1524a4d41bbb6af539a97e84df6895c2aefdc159a6225704ddb2fe76cfebb172af7001d04

Download Submit
C:\Windows\SysWOW64\wmw.exe

Filesize
317KB

MD5
2ec100fc83a3b1ae5591c34f9ccf2a92

SHA1
bf8dee3f8d774e6b21a3439ee7f90f41d287ddba

SHA256
19186df40e663d2fdddd6094e6289ab82e3e9de9af0b4135c2b90e93dbdc1cf3

SHA512
231bd3aa6d6efbbfff2d393576efc7bb989807c0a516b11b827bae222814011ffb32de72984b5e42c6fe26d64d4609e21da45975f01a40232575f084982a35b7

Download Submit
C:\Windows\SysWOW64\wmxpx.exe

Filesize
317KB

MD5
7596ba99a243ac8b92361cbaca60dc1f

SHA1
cc56bb742b4912be528ce200db667f3ca3b745b8

SHA256
0fc93fe5083aa16b139d61ea682ef1c270ed0f3422fda74195752e7c21251d9b

SHA512
298ca59bb4f5d9dd25513a6805ab73fd29c6b414b5ceb375d44a7e10364dbbbd22360b42382a485c2d67b62d605a1a693c9e797ec3f2c02444fd046de58db80a

Download Submit
C:\Windows\SysWOW64\wnogkfgd.exe

Filesize
317KB

MD5
a9975676da6be5025b27da5c992b263a

SHA1
da0fba6bd6f0a8389f091a1fc91ba4b42df32041

SHA256
f75a4a59213512bd1cd10bebcd2b1a940e4be9b77bfb2b1c225fa732db4a213a

SHA512
b990bc167a372f44327205d051341d6fba75ef959db4cae44a7d814d80b4cb3d6415024f6e270563920e3fe51aa7b6d1c3a56fd9c9e20697868c97d860f6a8a4

Download Submit
C:\Windows\SysWOW64\wnuwa.exe

Filesize
316KB

MD5
d1c374a42d8a1f200027e3f1b906743a

SHA1
7822e5f78e8c78eac2336106e6fcac3de9733aed

SHA256
2e9e665bdc692089fb261aedb8ee15bbed9e2e19c79dd664054f5a0e662b5dcc

SHA512
b9efa5fef1db98b0288d3f13edc5892dffda9400341dbf76ff7b38a0a528fede7612337443d1662a38330584c00f5e790a1fac1243fde9609e322b3bf8ea4c04

Download Submit
C:\Windows\SysWOW64\wodyt.exe

Filesize
317KB

MD5
b1fb0db6352c79c481e144f2fd13f2d2

SHA1
692b1c6a19fa59142b9665644ae17d0bfcc1e9d1

SHA256
26d353a0b6a40de5b719296623f38eda64b09955ece8d4842ac017942dd89c79

SHA512
845ab1803f0e482a598d0ec592402ea35536d5608d4bf2c8fa98d62ed2fb1f0eb5815537f659ef561994afa729156f5ad47d8cbb2d0e561071ec712f826c01c9

Download Submit
C:\Windows\SysWOW64\woyime.exe

Filesize
317KB

MD5
5af1d2e3590118c6374344c3e98b8739

SHA1
4cc42498fc8d4c76d5b5e4931f9fde800ab46448

SHA256
34755c4db353142e4a80c08c3b94de7b8b9b01a203ac809aae6805c3c92ddb62

SHA512
33666ee8cdd8c95444a64ed68cedb0ea2d1ea8f62cccc3c697b12e372c16ecd80d3b3f355d28e3d0f74c5b09fcebb0c21c75d2dece503c77a1d72c7bc1edbe2b

Download Submit
C:\Windows\SysWOW64\wpvkb.exe

Filesize
317KB

MD5
3abc081137ff989855ab7d4cc7ef6a8e

SHA1
f28a10da08db1d1e519437aaf2d145b78dc8ee11

SHA256
7950ab423b3b2c173403e01aaac888b21a1dbba637ef01af13209300df7d81e4

SHA512
9f91aa74115cb1d763032b9a641bcabc362eff61e4aed940718de3f01a3009196516a09dfe4f4a98b1624218415c24965a606dfb5b78f84277f5029e412d3d84

Download Submit
C:\Windows\SysWOW64\wrswh.exe

Filesize
316KB

MD5
b49fce48d57d952b900e3e02f59441b7

SHA1
670f33a3b7fa4309bc5522fbfcffc51db4342b80

SHA256
f147d48a5b42b4e623ca4f9bba5a1cae1853e5d4b158c6211c5731cbd0b734aa

SHA512
c3237e3b90533f0c8713d24aca0ea9962da6b6f16cf14b457c508fec26edc139603ea447a083959715e56103408b95963e09b261777ab6f2f64a97394c81fae2

Download Submit
C:\Windows\SysWOW64\wtil.exe

Filesize
317KB

MD5
32f8a90d1fe349731126bb5a82b3e5f0

SHA1
94ed686377f2ca8476a8fc6f9999e6107f00c53b

SHA256
43fbb6a73db7d29d2171074af033a572766d4c41d3b88ee0fbb6d56b32916ae4

SHA512
41a99bf0a5de4f73db2b28f87fcb5f27203b6591d446fec9dffb3dd432fb2df8ff4bf9e331dcc7e3c954f827cf88514461ea24b9c7badcbfb35ac58fc918cfaa

Download Submit
C:\Windows\SysWOW64\wtutkpey.exe

Filesize
317KB

MD5
dde42daf6934e5a99229bd5ec8a92e90

SHA1
f607d89799f1940ef6c67288f80fac90e3f0420f

SHA256
1f9aa1e32b0bb51a144cc17a652630a85dcffb708d1ea1a58086e979c37a057d

SHA512
2a9900314a5ffe414fa3b351222f651ab83856f9d6e2eae7352d30503c2617271b5caa1c79ffc2a4d847e9d638d8f2eec4d66c62558b242f99bccef63bf8fe5d

Download Submit
C:\Windows\SysWOW64\wvbqnks.exe

Filesize
316KB

MD5
e3bfc2433a9aedb2a7e5ba7eaa31bf41

SHA1
4e31615e4c17e00f1e5262b2ba94bb3cc0e80306

SHA256
5651da5c9ba50d31559241751fa4de8b56113e59693a33d38d260c2ff6a9ccd3

SHA512
2bb476c6aba006b102d6f065879f40f73c4c04b72017603ad84fca24b26c5fb3630a22de05b29f9b40ec475d6dd84152f88362d125ade9cb67795ee86202c125

Download Submit
C:\Windows\SysWOW64\wvnplne.exe

Filesize
317KB

MD5
057e4b091786b5eead52d76879ab535e

SHA1
8baeb1b1dd6d418ab40f44749d16a7ea732f1474

SHA256
d81b24c47ae7adc7c61de0c72b8ccf7af0be055ec6d0a5caf68f507b0b840de7

SHA512
b0086a7268b9dd5d7e36281e4d4c12f5e6b538a92a7bb26fdc2c9fc51b2943ca017d6cf20bda008f50420d1da86626f9d8e5eb2e19992665e4b0a77cb3061451

Download Submit
C:\Windows\SysWOW64\wvqjfbq.exe

Filesize
317KB

MD5
e96db724e9a69b4b7fd4100e7ef4d61b

SHA1
88985f36dece1c773a67da9c2ebedafd5e11e8f7

SHA256
906c3007fe67bdddb25f400c91558f0626ec9377a34cf95dfc211337ea5c3f82

SHA512
383adf7e1938b17dd44768762dcb65b8cfd1ed8f0f4caa4b2e939cedb7ccbbf6cc42bbcdab654e9b6f308082c4a8c9f4543d1ad199c941c8bba92b90985f4c86

Download Submit
C:\Windows\SysWOW64\wwagoe.exe

Filesize
317KB

MD5
acdef6e4c65e4718b781adab4856b754

SHA1
38f30c65d230a37d207a5a62f9eb740aa1344834

SHA256
d517b60147a5bd50ee460f87a84f7ba25533236f1376fb66b8dab6a87db7fac6

SHA512
31fbc81a5dff0dcbff88f0c6bf61b0162398a220080e69006874d11ed6764168c9fea3f265c0ee23747f7db8b28dcdf8efc81c629a767e469e3eaf08ae8e9c0b

Download Submit
C:\Windows\SysWOW64\wwfliye.exe

Filesize
316KB

MD5
c064c682e1575b9bb6f6aa806cf85ac6

SHA1
a73a5390af7cab34f721c18023acce2f03f7b9c8

SHA256
232afb8d40baf46005031d2703caaf64a561980f07a6f7939389d2b02e67d4b7

SHA512
988f2e2b6527248bcbbccff8bea3ffe3a95d1d9e0ab01f923ebcf0e89066485ce56f337642ea241e98cb3e739ed9d0948177d9a426ad99bf98bbeecab939815f

Download Submit
C:\Windows\SysWOW64\wwhlvi.exe

Filesize
317KB

MD5
fefea806f8415467d378e2bbf88fb907

SHA1
f837cec295c7155fe7b404e5b8be741029a0e847

SHA256
6f662988f3806d6465ee64adfc4c366080ac1602cfe5c3a09a362dbf16d06643

SHA512
fb62f1e977842945eb2f23320033f067d01c88a453347635b22f492be225e5c82a22462f69d27885f3d2e1dc882f1e0b726efadcf823a0fb04d20c34034ec33e

Download Submit
memory/216-560-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/640-535-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/640-544-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/716-511-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/716-501-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/724-134-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/724-123-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/864-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/864-11-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/892-51-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/892-62-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/912-289-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/912-277-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/924-493-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1028-366-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1028-356-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1044-257-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1200-578-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1200-568-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1200-365-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1200-375-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1440-113-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1548-502-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1632-206-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1736-477-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1764-41-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1908-52-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1964-451-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1964-460-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1964-309-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2136-410-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2136-418-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2176-288-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2176-299-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-392-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2200-383-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2244-577-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2244-587-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2252-320-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2360-102-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2368-452-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2384-164-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2392-247-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2604-339-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2652-510-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2652-519-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2684-319-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2684-330-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2756-569-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2952-604-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2952-595-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3316-476-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3316-485-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3316-267-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3316-621-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3444-374-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3444-384-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3536-227-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3536-216-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3616-348-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3616-338-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3656-443-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3656-434-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3768-10-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3768-21-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3968-237-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3984-426-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4004-612-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4192-144-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4192-278-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4340-112-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4340-124-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4344-409-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4368-92-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4380-393-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4380-401-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4396-82-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4540-347-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4540-357-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4568-527-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4592-205-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4592-72-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4592-217-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4628-468-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4632-536-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4848-552-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4892-613-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4900-435-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/4924-175-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5020-185-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5020-174-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5028-195-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5104-154-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5108-586-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5108-596-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/5112-31-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download