d0e01a5a6a926c591875940d3fd24c3abe818416159102e7ee5d006e5345d00e

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe
Size

41KB
MD5

878bd11b714be8dc7fd95d26f4120450
SHA1

28e9e5c2f6ac8dab217303bcf7c49284c87ec3c8
SHA256

d0e01a5a6a926c591875940d3fd24c3abe818416159102e7ee5d006e5345d00e
SHA512

984ba4a08a893afe558260978f14411292841d773d4b8d3b986cb86c9e087fad47f9ca9effe9857dff52d8fc8db7628aa23f008591e173b5dac4ea10cfaf70fe
SSDEEP

768:yiYoIfHbL8KatMHv+7dwwaleRp2OuyamBlabCY787fsBaJxy1xQM:XbyYt7LagG3N13oDWiM

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2364	cmd.exe

Executes dropped EXE 64 IoCs

pid	Process
2220	wux.exe
2800	weba.exe
1704	woeadf.exe
3060	waiadbl.exe
2076	wkbov.exe
2236	wech.exe
1620	wxtpggm.exe
2840	wwgn.exe
2540	wljjeq.exe
2544	wvcy.exe
1228	wdu.exe
2740	wbwg.exe
1664	wtkiotgd.exe
1688	wob.exe
2400	wlopvvlu.exe
2028	wfqiedov.exe
2860	wwhqfg.exe
1972	wjlpg.exe
2584	whmef.exe
2456	wsrefww.exe
1944	whiqp.exe
1652	wevpvg.exe
2056	wxxgelcxm.exe
2404	wrop.exe
1508	wgr.exe
3056	wifgutiqc.exe
2928	wkqarjc.exe
2516	wvx.exe
948	woeggle.exe
1484	wehcxy.exe
1184	wqphk.exe
2228	wnagqr.exe
808	wcsrc.exe
1104	wrvo.exe
2144	wpinyqrkd.exe
844	wdmtj.exe
2472	waaspg.exe
2220	wlrjibm.exe
2452	wfjqkg.exe
1528	wewp.exe
764	wsobb.exe
488	wulhfhka.exe
904	wrnufdop.exe
1868	whf.exe
2716	wsx.exe
2188	whmdhb.exe
2024	wwdnrngu.exe
2440	wjvelk.exe
1532	wwxacxno.exe
1108	wlch.exe
1512	wiogsmbxy.exe
356	wxgr.exe
1320	wrutqgyl.exe
2848	wthpou.exe
2208	waoxkynli.exe
2608	wprtcmlv.exe
1484	witlkrl.exe
540	wdstjxjb.exe
856	wxvkqcld.exe
2412	wwwaqypt.exe
1028	wxjtpoj.exe
2936	wmcgx.exe
1960	wcec.exe
2632	wureeuh.exe

Loads dropped DLL 64 IoCs

pid	Process
1736	878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe
1736	878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe
1736	878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe
1736	878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe
2220	wux.exe
2220	wux.exe
2220	wux.exe
2220	wux.exe
2220	wux.exe
2800	weba.exe
2800	weba.exe
2800	weba.exe
2800	weba.exe
2800	weba.exe
1704	woeadf.exe
1704	woeadf.exe
1704	woeadf.exe
1704	woeadf.exe
1704	woeadf.exe
3060	waiadbl.exe
3060	waiadbl.exe
3060	waiadbl.exe
3060	waiadbl.exe
3060	waiadbl.exe
2076	wkbov.exe
2076	wkbov.exe
2076	wkbov.exe
2076	wkbov.exe
2076	wkbov.exe
2236	wech.exe
2236	wech.exe
2236	wech.exe
2236	wech.exe
2236	wech.exe
1620	wxtpggm.exe
1620	wxtpggm.exe
1620	wxtpggm.exe
1620	wxtpggm.exe
1620	wxtpggm.exe
2840	wwgn.exe
2840	wwgn.exe
2840	wwgn.exe
2840	wwgn.exe
2840	wwgn.exe
2540	wljjeq.exe
2540	wljjeq.exe
2540	wljjeq.exe
2540	wljjeq.exe
2540	wljjeq.exe
2544	wvcy.exe
2544	wvcy.exe
2544	wvcy.exe
2544	wvcy.exe
2544	wvcy.exe
1228	wdu.exe
1228	wdu.exe
1228	wdu.exe
1228	wdu.exe
1228	wdu.exe
2740	wbwg.exe
2740	wbwg.exe
2740	wbwg.exe
2740	wbwg.exe
2740	wbwg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1736-0-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/1736-6-0x00000000035D0000-0x00000000035EA000-memory.dmp	upx
behavioral1/files/0x0009000000016176-5.dat	upx
behavioral1/memory/2220-21-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/1736-25-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/files/0x0009000000016be2-32.dat	upx
behavioral1/memory/2220-52-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2800-48-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/files/0x0008000000016bfb-56.dat	upx
behavioral1/memory/2800-77-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/1704-74-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/files/0x000a000000016176-84.dat	upx
behavioral1/memory/1704-94-0x0000000003360000-0x000000000337A000-memory.dmp	upx
behavioral1/memory/1704-99-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/files/0x000a000000016be2-116.dat	upx
behavioral1/memory/2076-121-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/3060-119-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/files/0x0009000000016bfb-128.dat	upx
behavioral1/memory/2076-144-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2236-141-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/files/0x000b000000016176-151.dat	upx
behavioral1/memory/2236-156-0x0000000003440000-0x000000000345A000-memory.dmp	upx
behavioral1/memory/2236-168-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/files/0x000b000000016be2-172.dat	upx
behavioral1/memory/1620-186-0x0000000004120000-0x000000000413A000-memory.dmp	upx
behavioral1/memory/1620-185-0x0000000004020000-0x000000000403A000-memory.dmp	upx
behavioral1/memory/1620-190-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/files/0x000a000000016bfb-195.dat	upx
behavioral1/memory/2840-208-0x0000000001E90000-0x0000000001EAA000-memory.dmp	upx
behavioral1/memory/2840-212-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2540-226-0x0000000002230000-0x000000000224A000-memory.dmp	upx
behavioral1/files/0x000c000000016176-217.dat	upx
behavioral1/memory/2540-229-0x0000000002300000-0x000000000231A000-memory.dmp	upx
behavioral1/memory/2540-227-0x0000000002230000-0x000000000224A000-memory.dmp	upx
behavioral1/memory/2544-232-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2540-231-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2544-245-0x0000000003630000-0x000000000364A000-memory.dmp	upx
behavioral1/memory/1228-246-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2544-249-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/1228-266-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/1228-264-0x0000000003EE0000-0x0000000003EEB000-memory.dmp	upx
behavioral1/memory/2740-263-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2740-279-0x0000000002360000-0x000000000237A000-memory.dmp	upx
behavioral1/memory/1664-280-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2740-283-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/1664-298-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/1688-299-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/1688-312-0x00000000035A0000-0x00000000035BA000-memory.dmp	upx
behavioral1/memory/2400-313-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/1688-316-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2400-329-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2028-330-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2860-345-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2028-347-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2860-363-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/1972-361-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/1972-372-0x0000000003D60000-0x0000000003D7A000-memory.dmp	upx
behavioral1/memory/1972-377-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2584-378-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2584-393-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2456-394-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/1944-410-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2456-409-0x0000000000400000-0x000000000041A000-memory.dmp	upx
behavioral1/memory/2056-457-0x0000000000400000-0x000000000041A000-memory.dmp	upx

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\wnyymedj.exe	wtlv.exe
File opened for modification	C:\Windows\SysWOW64\wifgutiqc.exe	wgr.exe
File created	C:\Windows\SysWOW64\wpivmd.exe	wsww.exe
File created	C:\Windows\SysWOW64\whiqp.exe	wsrefww.exe
File opened for modification	C:\Windows\SysWOW64\wwxacxno.exe	wjvelk.exe
File opened for modification	C:\Windows\SysWOW64\wfqiedov.exe	wlopvvlu.exe
File created	C:\Windows\SysWOW64\wpinyqrkd.exe	wrvo.exe
File created	C:\Windows\SysWOW64\wxjtpoj.exe	wwwaqypt.exe
File opened for modification	C:\Windows\SysWOW64\wfpsn.exe	whneojkv.exe
File opened for modification	C:\Windows\SysWOW64\wqjk.exe	woqnm.exe
File created	C:\Windows\SysWOW64\wrvsew.exe	whste.exe
File opened for modification	C:\Windows\SysWOW64\wfjqkg.exe	wlrjibm.exe
File opened for modification	C:\Windows\SysWOW64\wjvelk.exe	wwdnrngu.exe
File created	C:\Windows\SysWOW64\wrutqgyl.exe	wxgr.exe
File created	C:\Windows\SysWOW64\wdu.exe	wvcy.exe
File opened for modification	C:\Windows\SysWOW64\wgr.exe	wrop.exe
File opened for modification	C:\Windows\SysWOW64\wmcgx.exe	wxjtpoj.exe
File created	C:\Windows\SysWOW64\wcctcsa.exe	wnyymedj.exe
File opened for modification	C:\Windows\SysWOW64\wemrxn.exe	wjkaoi.exe
File created	C:\Windows\SysWOW64\wxtpggm.exe	wech.exe
File created	C:\Windows\SysWOW64\wrnufdop.exe	wulhfhka.exe
File created	C:\Windows\SysWOW64\wureeuh.exe	wcec.exe
File created	C:\Windows\SysWOW64\wnyymedj.exe	wtlv.exe
File created	C:\Windows\SysWOW64\wxewclkd.exe	war.exe
File created	C:\Windows\SysWOW64\woqnm.exe	wpoyn.exe
File created	C:\Windows\SysWOW64\wfynucu.exe	wemrxn.exe
File opened for modification	C:\Windows\SysWOW64\wfynucu.exe	wemrxn.exe
File opened for modification	C:\Windows\SysWOW64\wob.exe	wtkiotgd.exe
File opened for modification	C:\Windows\SysWOW64\wrvo.exe	wcsrc.exe
File opened for modification	C:\Windows\SysWOW64\wxgr.exe	wiogsmbxy.exe
File opened for modification	C:\Windows\SysWOW64\wnwkmy.exe	wxewclkd.exe
File created	C:\Windows\SysWOW64\wdfkur.exe	wralu.exe
File opened for modification	C:\Windows\SysWOW64\wjlpg.exe	wwhqfg.exe
File created	C:\Windows\SysWOW64\wtpntff.exe	wbclgx.exe
File opened for modification	C:\Windows\SysWOW64\woeggle.exe	wvx.exe
File opened for modification	C:\Windows\SysWOW64\wulhfhka.exe	wsobb.exe
File created	C:\Windows\SysWOW64\wcjbkjb.exe	wisqiekf.exe
File opened for modification	C:\Windows\SysWOW64\wxxgelcxm.exe	wevpvg.exe
File opened for modification	C:\Windows\SysWOW64\wbclgx.exe	wpivmd.exe
File created	C:\Windows\SysWOW64\wehcxy.exe	woeggle.exe
File opened for modification	C:\Windows\SysWOW64\wdmtj.exe	wpinyqrkd.exe
File opened for modification	C:\Windows\SysWOW64\wlrjibm.exe	waaspg.exe
File created	C:\Windows\SysWOW64\whmdhb.exe	wsx.exe
File opened for modification	C:\Windows\SysWOW64\wkhyerrjy.exe	wtpntff.exe
File created	C:\Windows\SysWOW64\weba.exe	wux.exe
File created	C:\Windows\SysWOW64\wbclgx.exe	wpivmd.exe
File opened for modification	C:\Windows\SysWOW64\woeadf.exe	weba.exe
File created	C:\Windows\SysWOW64\wsww.exe	wdfkur.exe
File opened for modification	C:\Windows\SysWOW64\wdu.exe	wvcy.exe
File created	C:\Windows\SysWOW64\waoxkynli.exe	wthpou.exe
File opened for modification	C:\Windows\SysWOW64\waoxkynli.exe	wthpou.exe
File created	C:\Windows\SysWOW64\wjlpg.exe	wwhqfg.exe
File created	C:\Windows\SysWOW64\wgr.exe	wrop.exe
File opened for modification	C:\Windows\SysWOW64\wehcxy.exe	woeggle.exe
File created	C:\Windows\SysWOW64\wfpsn.exe	whneojkv.exe
File created	C:\Windows\SysWOW64\wwgn.exe	wxtpggm.exe
File created	C:\Windows\SysWOW64\wvx.exe	wkqarjc.exe
File created	C:\Windows\SysWOW64\whf.exe	wrnufdop.exe
File opened for modification	C:\Windows\SysWOW64\wlch.exe	wwxacxno.exe
File opened for modification	C:\Windows\SysWOW64\wjkaoi.exe	wxdtd.exe
File opened for modification	C:\Windows\SysWOW64\wrnufdop.exe	wulhfhka.exe
File opened for modification	C:\Windows\SysWOW64\wvx.exe	wkqarjc.exe
File opened for modification	C:\Windows\SysWOW64\wnagqr.exe	wqphk.exe
File opened for modification	C:\Windows\SysWOW64\wewp.exe	wfjqkg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1928	2220	WerFault.exe	141

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2220	1736	878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe	28
PID 1736 wrote to memory of 2220	1736	878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe	28
PID 1736 wrote to memory of 2220	1736	878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe	28
PID 1736 wrote to memory of 2220	1736	878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe	28
PID 1736 wrote to memory of 2364	1736	878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe	29
PID 1736 wrote to memory of 2364	1736	878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe	29
PID 1736 wrote to memory of 2364	1736	878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe	29
PID 1736 wrote to memory of 2364	1736	878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe	29
PID 2220 wrote to memory of 2800	2220	wux.exe	31
PID 2220 wrote to memory of 2800	2220	wux.exe	31
PID 2220 wrote to memory of 2800	2220	wux.exe	31
PID 2220 wrote to memory of 2800	2220	wux.exe	31
PID 2220 wrote to memory of 2484	2220	wux.exe	32
PID 2220 wrote to memory of 2484	2220	wux.exe	32
PID 2220 wrote to memory of 2484	2220	wux.exe	32
PID 2220 wrote to memory of 2484	2220	wux.exe	32
PID 2800 wrote to memory of 1704	2800	weba.exe	34
PID 2800 wrote to memory of 1704	2800	weba.exe	34
PID 2800 wrote to memory of 1704	2800	weba.exe	34
PID 2800 wrote to memory of 1704	2800	weba.exe	34
PID 2800 wrote to memory of 1204	2800	weba.exe	35
PID 2800 wrote to memory of 1204	2800	weba.exe	35
PID 2800 wrote to memory of 1204	2800	weba.exe	35
PID 2800 wrote to memory of 1204	2800	weba.exe	35
PID 1704 wrote to memory of 3060	1704	woeadf.exe	37
PID 1704 wrote to memory of 3060	1704	woeadf.exe	37
PID 1704 wrote to memory of 3060	1704	woeadf.exe	37
PID 1704 wrote to memory of 3060	1704	woeadf.exe	37
PID 1704 wrote to memory of 1652	1704	woeadf.exe	38
PID 1704 wrote to memory of 1652	1704	woeadf.exe	38
PID 1704 wrote to memory of 1652	1704	woeadf.exe	38
PID 1704 wrote to memory of 1652	1704	woeadf.exe	38
PID 3060 wrote to memory of 2076	3060	waiadbl.exe	40
PID 3060 wrote to memory of 2076	3060	waiadbl.exe	40
PID 3060 wrote to memory of 2076	3060	waiadbl.exe	40
PID 3060 wrote to memory of 2076	3060	waiadbl.exe	40
PID 3060 wrote to memory of 2232	3060	waiadbl.exe	41
PID 3060 wrote to memory of 2232	3060	waiadbl.exe	41
PID 3060 wrote to memory of 2232	3060	waiadbl.exe	41
PID 3060 wrote to memory of 2232	3060	waiadbl.exe	41
PID 2076 wrote to memory of 2236	2076	wkbov.exe	43
PID 2076 wrote to memory of 2236	2076	wkbov.exe	43
PID 2076 wrote to memory of 2236	2076	wkbov.exe	43
PID 2076 wrote to memory of 2236	2076	wkbov.exe	43
PID 2076 wrote to memory of 1304	2076	wkbov.exe	44
PID 2076 wrote to memory of 1304	2076	wkbov.exe	44
PID 2076 wrote to memory of 1304	2076	wkbov.exe	44
PID 2076 wrote to memory of 1304	2076	wkbov.exe	44
PID 2236 wrote to memory of 1620	2236	wech.exe	46
PID 2236 wrote to memory of 1620	2236	wech.exe	46
PID 2236 wrote to memory of 1620	2236	wech.exe	46
PID 2236 wrote to memory of 1620	2236	wech.exe	46
PID 2236 wrote to memory of 404	2236	wech.exe	47
PID 2236 wrote to memory of 404	2236	wech.exe	47
PID 2236 wrote to memory of 404	2236	wech.exe	47
PID 2236 wrote to memory of 404	2236	wech.exe	47
PID 1620 wrote to memory of 2840	1620	wxtpggm.exe	49
PID 1620 wrote to memory of 2840	1620	wxtpggm.exe	49
PID 1620 wrote to memory of 2840	1620	wxtpggm.exe	49
PID 1620 wrote to memory of 2840	1620	wxtpggm.exe	49
PID 1620 wrote to memory of 1596	1620	wxtpggm.exe	50
PID 1620 wrote to memory of 1596	1620	wxtpggm.exe	50
PID 1620 wrote to memory of 1596	1620	wxtpggm.exe	50
PID 1620 wrote to memory of 1596	1620	wxtpggm.exe	50

C:\Users\Admin\AppData\Local\Temp\878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\wux.exe
  "C:\Windows\system32\wux.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2220
- - C:\Windows\SysWOW64\weba.exe
    "C:\Windows\system32\weba.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Windows\SysWOW64\woeadf.exe
      "C:\Windows\system32\woeadf.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:1704
    - - C:\Windows\SysWOW64\waiadbl.exe
        
        "C:\Windows\system32\waiadbl.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:3060
      - C:\Windows\SysWOW64\wkbov.exe
        
        "C:\Windows\system32\wkbov.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2076
        
        C:\Windows\SysWOW64\wech.exe
        
        "C:\Windows\system32\wech.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2236
        
        C:\Windows\SysWOW64\wxtpggm.exe
        
        "C:\Windows\system32\wxtpggm.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1620
        
        C:\Windows\SysWOW64\wwgn.exe
        
        "C:\Windows\system32\wwgn.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2840
        
        C:\Windows\SysWOW64\wljjeq.exe
        
        "C:\Windows\system32\wljjeq.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2540
        
        C:\Windows\SysWOW64\wvcy.exe
        
        "C:\Windows\system32\wvcy.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2544
        
        C:\Windows\SysWOW64\wdu.exe
        
        "C:\Windows\system32\wdu.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1228
        
        C:\Windows\SysWOW64\wbwg.exe
        
        "C:\Windows\system32\wbwg.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2740
        
        C:\Windows\SysWOW64\wtkiotgd.exe
        
        "C:\Windows\system32\wtkiotgd.exe"
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1664
        
        C:\Windows\SysWOW64\wob.exe
        
        "C:\Windows\system32\wob.exe"
        15⤵
        Executes dropped EXE
        
        PID:1688
        
        C:\Windows\SysWOW64\wlopvvlu.exe
        
        "C:\Windows\system32\wlopvvlu.exe"
        16⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2400
        
        C:\Windows\SysWOW64\wfqiedov.exe
        
        "C:\Windows\system32\wfqiedov.exe"
        17⤵
        Executes dropped EXE
        
        PID:2028
        
        C:\Windows\SysWOW64\wwhqfg.exe
        
        "C:\Windows\system32\wwhqfg.exe"
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2860
        
        C:\Windows\SysWOW64\wjlpg.exe
        
        "C:\Windows\system32\wjlpg.exe"
        19⤵
        Executes dropped EXE
        
        PID:1972
        
        C:\Windows\SysWOW64\whmef.exe
        
        "C:\Windows\system32\whmef.exe"
        20⤵
        Executes dropped EXE
        
        PID:2584
        
        C:\Windows\SysWOW64\wsrefww.exe
        
        "C:\Windows\system32\wsrefww.exe"
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2456
        
        C:\Windows\SysWOW64\whiqp.exe
        
        "C:\Windows\system32\whiqp.exe"
        22⤵
        Executes dropped EXE
        
        PID:1944
        
        C:\Windows\SysWOW64\wevpvg.exe
        
        "C:\Windows\system32\wevpvg.exe"
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1652
        
        C:\Windows\SysWOW64\wxxgelcxm.exe
        
        "C:\Windows\system32\wxxgelcxm.exe"
        24⤵
        Executes dropped EXE
        
        PID:2056
        
        C:\Windows\SysWOW64\wrop.exe
        
        "C:\Windows\system32\wrop.exe"
        25⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2404
        
        C:\Windows\SysWOW64\wgr.exe
        
        "C:\Windows\system32\wgr.exe"
        26⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1508
        
        C:\Windows\SysWOW64\wifgutiqc.exe
        
        "C:\Windows\system32\wifgutiqc.exe"
        27⤵
        Executes dropped EXE
        
        PID:3056
        
        C:\Windows\SysWOW64\wkqarjc.exe
        
        "C:\Windows\system32\wkqarjc.exe"
        28⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2928
        
        C:\Windows\SysWOW64\wvx.exe
        
        "C:\Windows\system32\wvx.exe"
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2516
        
        C:\Windows\SysWOW64\woeggle.exe
        
        "C:\Windows\system32\woeggle.exe"
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:948
        
        C:\Windows\SysWOW64\wehcxy.exe
        
        "C:\Windows\system32\wehcxy.exe"
        31⤵
        Executes dropped EXE
        
        PID:1484
        
        C:\Windows\SysWOW64\wqphk.exe
        
        "C:\Windows\system32\wqphk.exe"
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1184
        
        C:\Windows\SysWOW64\wnagqr.exe
        
        "C:\Windows\system32\wnagqr.exe"
        33⤵
        Executes dropped EXE
        
        PID:2228
        
        C:\Windows\SysWOW64\wcsrc.exe
        
        "C:\Windows\system32\wcsrc.exe"
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:808
        
        C:\Windows\SysWOW64\wrvo.exe
        
        "C:\Windows\system32\wrvo.exe"
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1104
        
        C:\Windows\SysWOW64\wpinyqrkd.exe
        
        "C:\Windows\system32\wpinyqrkd.exe"
        36⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2144
        
        C:\Windows\SysWOW64\wdmtj.exe
        
        "C:\Windows\system32\wdmtj.exe"
        37⤵
        Executes dropped EXE
        
        PID:844
        
        C:\Windows\SysWOW64\waaspg.exe
        
        "C:\Windows\system32\waaspg.exe"
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2472
        
        C:\Windows\SysWOW64\wlrjibm.exe
        
        "C:\Windows\system32\wlrjibm.exe"
        39⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2220
        
        C:\Windows\SysWOW64\wfjqkg.exe
        
        "C:\Windows\system32\wfjqkg.exe"
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2452
        
        C:\Windows\SysWOW64\wewp.exe
        
        "C:\Windows\system32\wewp.exe"
        41⤵
        Executes dropped EXE
        
        PID:1528
        
        C:\Windows\SysWOW64\wsobb.exe
        
        "C:\Windows\system32\wsobb.exe"
        42⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:764
        
        C:\Windows\SysWOW64\wulhfhka.exe
        
        "C:\Windows\system32\wulhfhka.exe"
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:488
        
        C:\Windows\SysWOW64\wrnufdop.exe
        
        "C:\Windows\system32\wrnufdop.exe"
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:904
        
        C:\Windows\SysWOW64\whf.exe
        
        "C:\Windows\system32\whf.exe"
        45⤵
        Executes dropped EXE
        
        PID:1868
        
        C:\Windows\SysWOW64\wsx.exe
        
        "C:\Windows\system32\wsx.exe"
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2716
        
        C:\Windows\SysWOW64\whmdhb.exe
        
        "C:\Windows\system32\whmdhb.exe"
        47⤵
        Executes dropped EXE
        
        PID:2188
        
        C:\Windows\SysWOW64\wwdnrngu.exe
        
        "C:\Windows\system32\wwdnrngu.exe"
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2024
        
        C:\Windows\SysWOW64\wjvelk.exe
        
        "C:\Windows\system32\wjvelk.exe"
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2440
        
        C:\Windows\SysWOW64\wwxacxno.exe
        
        "C:\Windows\system32\wwxacxno.exe"
        50⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1532
        
        C:\Windows\SysWOW64\wlch.exe
        
        "C:\Windows\system32\wlch.exe"
        51⤵
        Executes dropped EXE
        
        PID:1108
        
        C:\Windows\SysWOW64\wiogsmbxy.exe
        
        "C:\Windows\system32\wiogsmbxy.exe"
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1512
        
        C:\Windows\SysWOW64\wxgr.exe
        
        "C:\Windows\system32\wxgr.exe"
        53⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:356
        
        C:\Windows\SysWOW64\wrutqgyl.exe
        
        "C:\Windows\system32\wrutqgyl.exe"
        54⤵
        Executes dropped EXE
        
        PID:1320
        
        C:\Windows\SysWOW64\wthpou.exe
        
        "C:\Windows\system32\wthpou.exe"
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2848
        
        C:\Windows\SysWOW64\waoxkynli.exe
        
        "C:\Windows\system32\waoxkynli.exe"
        56⤵
        Executes dropped EXE
        
        PID:2208
        
        C:\Windows\SysWOW64\wprtcmlv.exe
        
        "C:\Windows\system32\wprtcmlv.exe"
        57⤵
        Executes dropped EXE
        
        PID:2608
        
        C:\Windows\SysWOW64\witlkrl.exe
        
        "C:\Windows\system32\witlkrl.exe"
        58⤵
        Executes dropped EXE
        
        PID:1484
        
        C:\Windows\SysWOW64\wdstjxjb.exe
        
        "C:\Windows\system32\wdstjxjb.exe"
        59⤵
        Executes dropped EXE
        
        PID:540
        
        C:\Windows\SysWOW64\wxvkqcld.exe
        
        "C:\Windows\system32\wxvkqcld.exe"
        60⤵
        Executes dropped EXE
        
        PID:856
        
        C:\Windows\SysWOW64\wwwaqypt.exe
        
        "C:\Windows\system32\wwwaqypt.exe"
        61⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2412
        
        C:\Windows\SysWOW64\wxjtpoj.exe
        
        "C:\Windows\system32\wxjtpoj.exe"
        62⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1028
        
        C:\Windows\SysWOW64\wmcgx.exe
        
        "C:\Windows\system32\wmcgx.exe"
        63⤵
        Executes dropped EXE
        
        PID:2936
        
        C:\Windows\SysWOW64\wcec.exe
        
        "C:\Windows\system32\wcec.exe"
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1960
        
        C:\Windows\SysWOW64\wureeuh.exe
        
        "C:\Windows\system32\wureeuh.exe"
        65⤵
        Executes dropped EXE
        
        PID:2632
        
        C:\Windows\SysWOW64\wfltyqpuu.exe
        
        "C:\Windows\system32\wfltyqpuu.exe"
        66⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\wqciqn.exe
        
        "C:\Windows\system32\wqciqn.exe"
        67⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\wtlv.exe
        
        "C:\Windows\system32\wtlv.exe"
        68⤵
        Drops file in System32 directory
        
        PID:1904
        
        C:\Windows\SysWOW64\wnyymedj.exe
        
        "C:\Windows\system32\wnyymedj.exe"
        69⤵
        Drops file in System32 directory
        
        PID:1184
        
        C:\Windows\SysWOW64\wcctcsa.exe
        
        "C:\Windows\system32\wcctcsa.exe"
        70⤵
        
        PID:2416
        
        C:\Windows\SysWOW64\war.exe
        
        "C:\Windows\system32\war.exe"
        71⤵
        Drops file in System32 directory
        
        PID:788
        
        C:\Windows\SysWOW64\wxewclkd.exe
        
        "C:\Windows\system32\wxewclkd.exe"
        72⤵
        Drops file in System32 directory
        
        PID:2852
        
        C:\Windows\SysWOW64\wnwkmy.exe
        
        "C:\Windows\system32\wnwkmy.exe"
        73⤵
        
        PID:888
        
        C:\Windows\SysWOW64\wdafdmun.exe
        
        "C:\Windows\system32\wdafdmun.exe"
        74⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\wvdwlrwm.exe
        
        "C:\Windows\system32\wvdwlrwm.exe"
        75⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\wletdgs.exe
        
        "C:\Windows\system32\wletdgs.exe"
        76⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\wisqiekf.exe
        
        "C:\Windows\system32\wisqiekf.exe"
        77⤵
        Drops file in System32 directory
        
        PID:2256
        
        C:\Windows\SysWOW64\wcjbkjb.exe
        
        "C:\Windows\system32\wcjbkjb.exe"
        78⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\wralu.exe
        
        "C:\Windows\system32\wralu.exe"
        79⤵
        Drops file in System32 directory
        
        PID:1072
        
        C:\Windows\SysWOW64\wdfkur.exe
        
        "C:\Windows\system32\wdfkur.exe"
        80⤵
        Drops file in System32 directory
        
        PID:1816
        
        C:\Windows\SysWOW64\wsww.exe
        
        "C:\Windows\system32\wsww.exe"
        81⤵
        Drops file in System32 directory
        
        PID:2124
        
        C:\Windows\SysWOW64\wpivmd.exe
        
        "C:\Windows\system32\wpivmd.exe"
        82⤵
        Drops file in System32 directory
        
        PID:1868
        
        C:\Windows\SysWOW64\wbclgx.exe
        
        "C:\Windows\system32\wbclgx.exe"
        83⤵
        Drops file in System32 directory
        
        PID:108
        
        C:\Windows\SysWOW64\wtpntff.exe
        
        "C:\Windows\system32\wtpntff.exe"
        84⤵
        Drops file in System32 directory
        
        PID:2496
        
        C:\Windows\SysWOW64\wkhyerrjy.exe
        
        "C:\Windows\system32\wkhyerrjy.exe"
        85⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\wxykof.exe
        
        "C:\Windows\system32\wxykof.exe"
        86⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\wpoyn.exe
        
        "C:\Windows\system32\wpoyn.exe"
        87⤵
        Drops file in System32 directory
        
        PID:2676
        
        C:\Windows\SysWOW64\woqnm.exe
        
        "C:\Windows\system32\woqnm.exe"
        88⤵
        Drops file in System32 directory
        
        PID:1664
        
        C:\Windows\SysWOW64\wqjk.exe
        
        "C:\Windows\system32\wqjk.exe"
        89⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\wjncgydq.exe
        
        "C:\Windows\system32\wjncgydq.exe"
        90⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\wrfvieik.exe
        
        "C:\Windows\system32\wrfvieik.exe"
        91⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\wkinqjk.exe
        
        "C:\Windows\system32\wkinqjk.exe"
        92⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\wvpseej.exe
        
        "C:\Windows\system32\wvpseej.exe"
        93⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\whste.exe
        
        "C:\Windows\system32\whste.exe"
        94⤵
        Drops file in System32 directory
        
        PID:1996
        
        C:\Windows\SysWOW64\wrvsew.exe
        
        "C:\Windows\system32\wrvsew.exe"
        95⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\whneojkv.exe
        
        "C:\Windows\system32\whneojkv.exe"
        96⤵
        Drops file in System32 directory
        
        PID:1216
        
        C:\Windows\SysWOW64\wfpsn.exe
        
        "C:\Windows\system32\wfpsn.exe"
        97⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\wxdtd.exe
        
        "C:\Windows\system32\wxdtd.exe"
        98⤵
        Drops file in System32 directory
        
        PID:1444
        
        C:\Windows\SysWOW64\wjkaoi.exe
        
        "C:\Windows\system32\wjkaoi.exe"
        99⤵
        Drops file in System32 directory
        
        PID:1492
        
        C:\Windows\SysWOW64\wemrxn.exe
        
        "C:\Windows\system32\wemrxn.exe"
        100⤵
        Drops file in System32 directory
        
        PID:2796
        
        C:\Windows\SysWOW64\wfynucu.exe
        
        "C:\Windows\system32\wfynucu.exe"
        101⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wemrxn.exe"
        101⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjkaoi.exe"
        100⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxdtd.exe"
        99⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfpsn.exe"
        98⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whneojkv.exe"
        97⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrvsew.exe"
        96⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whste.exe"
        95⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvpseej.exe"
        94⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkinqjk.exe"
        93⤵
        
        PID:896
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrfvieik.exe"
        92⤵
        
        PID:1884
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjncgydq.exe"
        91⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqjk.exe"
        90⤵
        
        PID:488
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woqnm.exe"
        89⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpoyn.exe"
        88⤵
        
        PID:632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxykof.exe"
        87⤵
        
        PID:2440
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkhyerrjy.exe"
        86⤵
        
        PID:112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtpntff.exe"
        85⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbclgx.exe"
        84⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpivmd.exe"
        83⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsww.exe"
        82⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdfkur.exe"
        81⤵
        
        PID:1564
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wralu.exe"
        80⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcjbkjb.exe"
        79⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wisqiekf.exe"
        78⤵
        
        PID:796
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wletdgs.exe"
        77⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvdwlrwm.exe"
        76⤵
        
        PID:1804
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdafdmun.exe"
        75⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnwkmy.exe"
        74⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxewclkd.exe"
        73⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\war.exe"
        72⤵
        
        PID:960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcctcsa.exe"
        71⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnyymedj.exe"
        70⤵
        
        PID:856
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtlv.exe"
        69⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqciqn.exe"
        68⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfltyqpuu.exe"
        67⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wureeuh.exe"
        66⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcec.exe"
        65⤵
        
        PID:844
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wmcgx.exe"
        64⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxjtpoj.exe"
        63⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwwaqypt.exe"
        62⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxvkqcld.exe"
        61⤵
        
        PID:728
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdstjxjb.exe"
        60⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\witlkrl.exe"
        59⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wprtcmlv.exe"
        58⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waoxkynli.exe"
        57⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wthpou.exe"
        56⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrutqgyl.exe"
        55⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxgr.exe"
        54⤵
        
        PID:944
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiogsmbxy.exe"
        53⤵
        
        PID:2832
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlch.exe"
        52⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwxacxno.exe"
        51⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjvelk.exe"
        50⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwdnrngu.exe"
        49⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whmdhb.exe"
        48⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsx.exe"
        47⤵
        
        PID:1448
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whf.exe"
        46⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrnufdop.exe"
        45⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wulhfhka.exe"
        44⤵
        
        PID:808
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsobb.exe"
        43⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wewp.exe"
        42⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfjqkg.exe"
        41⤵
        
        PID:2504
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlrjibm.exe"
        40⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 820
        40⤵
        Program crash
        
        PID:1928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waaspg.exe"
        39⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdmtj.exe"
        38⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpinyqrkd.exe"
        37⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrvo.exe"
        36⤵
        
        PID:960
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcsrc.exe"
        35⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnagqr.exe"
        34⤵
        
        PID:1316
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wqphk.exe"
        33⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wehcxy.exe"
        32⤵
        
        PID:1204
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woeggle.exe"
        31⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvx.exe"
        30⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkqarjc.exe"
        29⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wifgutiqc.exe"
        28⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgr.exe"
        27⤵
        
        PID:2848
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrop.exe"
        26⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxxgelcxm.exe"
        25⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wevpvg.exe"
        24⤵
        
        PID:544
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whiqp.exe"
        23⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsrefww.exe"
        22⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whmef.exe"
        21⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjlpg.exe"
        20⤵
        
        PID:2780
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwhqfg.exe"
        19⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfqiedov.exe"
        18⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlopvvlu.exe"
        17⤵
        
        PID:3056
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wob.exe"
        16⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtkiotgd.exe"
        15⤵
        
        PID:632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbwg.exe"
        14⤵
        
        PID:668
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdu.exe"
        13⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvcy.exe"
        12⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wljjeq.exe"
        11⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wwgn.exe"
        10⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxtpggm.exe"
        9⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wech.exe"
        8⤵
        
        PID:404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkbov.exe"
        7⤵
        
        PID:1304
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\waiadbl.exe"
        6⤵
        
        PID:2232
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woeadf.exe"
        5⤵
        
        PID:1652
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weba.exe"
      4⤵
      PID:1204
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wux.exe"
    3⤵
    PID:2484
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\878bd11b714be8dc7fd95d26f4120450_NeikiAnalytics.exe"
  2⤵
  - Deletes itself
  PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WZ11Y3N7.txt

Filesize
97B

MD5
79bbd0cbfd9340a0ed40730808833b85

SHA1
4abb39052558cad3358bd85b29bc207e01bf2b40

SHA256
027fe6f9f326e4b9a7f8740767af56e210ff404f224c5374ac0103fa77bfbb0d

SHA512
f9df2f657041c6431ad5a9ae2e92d397456dd215135c4970edd294677e5a9d090961de5a450b9afe7209937f15f96de278f9f016fbe536190bf8eecc10df0fef

Download Submit
C:\Windows\SysWOW64\wkbov.exe

Filesize
41KB

MD5
6acc4da065c256c5ff4eb179ff440c0e

SHA1
1980e54064611e5a513ae93d6137c8981ab92c99

SHA256
2ffc9fbaf8e4c3fd7862488e1446297cddf4eb4f43a4ba0ee93b083436169474

SHA512
bb4682d50e0ee55f171aac3d23da36c544fc92a9f265def002004f7ce30881d3236550d5ed1a6bcce0a49d0dabfb08e75e73c4ad93bfea637fcbb98e1c1450bd

Download Submit
\Windows\SysWOW64\waiadbl.exe

Filesize
41KB

MD5
d7ce02d8b53b1334634d9d3b59044431

SHA1
94c2879074d3356628737b1558f018b49cc7497c

SHA256
b6f3a7cce5c77541340a7d99956355d2be549603cbb246392bc3bdfd40e6d55b

SHA512
e8525433c0f93d8ba53fe7bebaf1bff7b4f9b5c0b5e7e7f3295f7ef89404f5ab992c3ea41769721b47e5b0cd0c9886bd463edfa5a7004a8574654b82c7836b12

Download Submit
\Windows\SysWOW64\weba.exe

Filesize
41KB

MD5
40ee6921e89b691fd5ec3013a3f210ed

SHA1
134e77c4eeb7b74798016a6e0aeae3d209991688

SHA256
100587424e7dc47f1ac03cb25c9a0909c4b914fc821778e4f43887cf544b23d2

SHA512
476eac52cfc0d6984d8a49fe8168b83d41e9acb57032881bb9bc90c5d0488e020e795cfc4e602603a3f330aa98a168525945d4a4b2ea6e898a9b3332124e9608

Download Submit
\Windows\SysWOW64\wech.exe

Filesize
41KB

MD5
f95a332be49393949340fac4d2f830f9

SHA1
57a771bdb68529ff06042c1012da36c956d9d217

SHA256
20f8c9c0506ba4ed6b1e554a41d407351e3718e3c3fa0eb80bb4907d436026ec

SHA512
1a21bbba09eb5bb18383a3620c5a6f456c6774a33c9d86cd9daae8da6da3650154bd2b6ad1637c1aaa877a1a0e2fca5763c93edf067415ffdbc97c202ae40b70

Download Submit
\Windows\SysWOW64\wljjeq.exe

Filesize
41KB

MD5
91b7ea442d3ea28dfeee15dd327ab46b

SHA1
9f4dc7b778f65b81922db40efdcf82a6ea92ee0e

SHA256
d2f69625207db5b6f7c7632ee323240f686c1eea81607b882cd0cdd1258a1f8c

SHA512
179a0bff88049968b40e98dc00e330689ff6361aecf8f9ab151ff1142e0213b3c7cec1ba4108cb384baee44d11d8c501d177992b600d9d0d18d060f598c4285a

Download Submit
\Windows\SysWOW64\woeadf.exe

Filesize
41KB

MD5
4f2b635b537ac5815ed5fb731b1c7171

SHA1
08b020cc108df363331be247cca32d93a068cd10

SHA256
4e7ee942f1dc82a2a8679178052c04d95dc8fe60540f313c76b8ad414f8d144b

SHA512
87a2ca1233c1e27a065b68d71e773b952b9cba05488c0474c270d7ca623c105f14d71278babcb7d203277191879f5ca6b9927813328a6584d17f853276d2c908

Download Submit
\Windows\SysWOW64\wux.exe

Filesize
41KB

MD5
569080212bb73dc87850cca6aef0d7bc

SHA1
38ab1f2ddb58b143af6e75af4b3dfb8d20249815

SHA256
4c04a04a95eee83b105bb79ec078b72369f566ef2747078694ac19b52297728d

SHA512
c8aeb8d346b4bca9924f0657753294d7f58288cfc361bf493a4b94ab03b692438b4592d9e6d561141199cab048a34b8460b4f5116a70cf4976d0ffeae8f2a5d7

Download Submit
\Windows\SysWOW64\wvcy.exe

Filesize
41KB

MD5
cd944066d0790e7db115b04b596df1a2

SHA1
8ad9db3dc0396abd52657faeccd5e572ae11bff0

SHA256
2d8c78a1f5325ef24fbda0d600a337286ab7908bbc0424088462b1492805f16d

SHA512
5c8d18ad9dae492f2abfcd9154c5679ca00aea64491543635534f963ed7c36fb011f8ec6204504b27494f011943738527840406df9158d000d8115c5df0147d0

Download Submit
\Windows\SysWOW64\wwgn.exe

Filesize
41KB

MD5
622b0e45fd74f1bcaa7d5396d2b596a2

SHA1
24da55b5bcd4387122c265caccc346f69ab9214b

SHA256
4a4e86f162853bcdc96c11a58cb13886ea6b1e02e23009237e13023dbb873529

SHA512
0841ff9089b3352d2b1534afc66a4a54de181d40322ef2c9e8e1177e4249a0ba13f801f0d60ceec8279bb88ce66ba488ae2bbb981837058e4a4141ed62ff68fc

Download Submit
\Windows\SysWOW64\wxtpggm.exe

Filesize
41KB

MD5
51abc0c2206d5350a34c2280c07667f0

SHA1
bc24251155accc508ba6edf479a85412e8b7681b

SHA256
f8cae99a9f517a749d164682ee01bb4cda59adf4102edde7d77c12328ea66a51

SHA512
ecbb033505c3d519f9401ab52c39810f6d2720cd6e3a2648d57e01976152cb6a43e467b200821803915b99900614ac3afc6372279dc30b1c651d78a933679aca

Download Submit
memory/1228-264-0x0000000003EE0000-0x0000000003EEB000-memory.dmp

Filesize
44KB

Download
memory/1228-259-0x0000000003ED0000-0x0000000003EEA000-memory.dmp

Filesize
104KB

Download
memory/1228-246-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1228-266-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1228-260-0x0000000003ED0000-0x0000000003EEA000-memory.dmp

Filesize
104KB

Download
memory/1508-489-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1620-186-0x0000000004120000-0x000000000413A000-memory.dmp

Filesize
104KB

Download
memory/1620-190-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1620-185-0x0000000004020000-0x000000000403A000-memory.dmp

Filesize
104KB

Download
memory/1620-184-0x0000000004020000-0x000000000403A000-memory.dmp

Filesize
104KB

Download
memory/1664-296-0x0000000004020000-0x000000000403A000-memory.dmp

Filesize
104KB

Download
memory/1664-298-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1664-295-0x0000000004020000-0x000000000403A000-memory.dmp

Filesize
104KB

Download
memory/1664-280-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1688-299-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1688-311-0x00000000035A0000-0x00000000035BA000-memory.dmp

Filesize
104KB

Download
memory/1688-312-0x00000000035A0000-0x00000000035BA000-memory.dmp

Filesize
104KB

Download
memory/1688-316-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1688-314-0x0000000003B60000-0x0000000003B6B000-memory.dmp

Filesize
44KB

Download
memory/1704-94-0x0000000003360000-0x000000000337A000-memory.dmp

Filesize
104KB

Download
memory/1704-99-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1704-74-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1704-95-0x0000000003360000-0x000000000337A000-memory.dmp

Filesize
104KB

Download
memory/1736-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1736-6-0x00000000035D0000-0x00000000035EA000-memory.dmp

Filesize
104KB

Download
memory/1736-18-0x0000000004180000-0x000000000419A000-memory.dmp

Filesize
104KB

Download
memory/1736-19-0x0000000004180000-0x000000000419A000-memory.dmp

Filesize
104KB

Download
memory/1736-25-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1736-23-0x00000000035E0000-0x00000000035EB000-memory.dmp

Filesize
44KB

Download
memory/1944-410-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1944-423-0x0000000003170000-0x000000000318A000-memory.dmp

Filesize
104KB

Download
memory/1972-372-0x0000000003D60000-0x0000000003D7A000-memory.dmp

Filesize
104KB

Download
memory/1972-377-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1972-361-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2028-347-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2028-330-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2028-342-0x0000000000580000-0x000000000059A000-memory.dmp

Filesize
104KB

Download
memory/2028-346-0x0000000000580000-0x000000000058B000-memory.dmp

Filesize
44KB

Download
memory/2028-344-0x0000000000580000-0x000000000059A000-memory.dmp

Filesize
104KB

Download
memory/2056-457-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2076-142-0x00000000035A0000-0x00000000035AB000-memory.dmp

Filesize
44KB

Download
memory/2076-144-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2076-138-0x0000000003880000-0x000000000389A000-memory.dmp

Filesize
104KB

Download
memory/2076-121-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2220-45-0x0000000003E30000-0x0000000003E4A000-memory.dmp

Filesize
104KB

Download
memory/2220-44-0x0000000003E30000-0x0000000003E4A000-memory.dmp

Filesize
104KB

Download
memory/2220-42-0x0000000003E30000-0x0000000003E4A000-memory.dmp

Filesize
104KB

Download
memory/2220-52-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2220-43-0x0000000003E30000-0x0000000003E4A000-memory.dmp

Filesize
104KB

Download
memory/2220-21-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2220-49-0x0000000003E30000-0x0000000003E3B000-memory.dmp

Filesize
44KB

Download
memory/2236-166-0x0000000003130000-0x000000000313B000-memory.dmp

Filesize
44KB

Download
memory/2236-168-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2236-156-0x0000000003440000-0x000000000345A000-memory.dmp

Filesize
104KB

Download
memory/2236-141-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2236-160-0x0000000003440000-0x000000000345A000-memory.dmp

Filesize
104KB

Download
memory/2400-329-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2400-313-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2456-394-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2456-408-0x0000000003350000-0x000000000336A000-memory.dmp

Filesize
104KB

Download
memory/2456-407-0x0000000003350000-0x000000000336A000-memory.dmp

Filesize
104KB

Download
memory/2456-406-0x0000000003350000-0x000000000336A000-memory.dmp

Filesize
104KB

Download
memory/2456-409-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2456-411-0x0000000001F20000-0x0000000001F2B000-memory.dmp

Filesize
44KB

Download
memory/2540-228-0x0000000002300000-0x000000000231A000-memory.dmp

Filesize
104KB

Download
memory/2540-231-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2540-226-0x0000000002230000-0x000000000224A000-memory.dmp

Filesize
104KB

Download
memory/2540-229-0x0000000002300000-0x000000000231A000-memory.dmp

Filesize
104KB

Download
memory/2540-227-0x0000000002230000-0x000000000224A000-memory.dmp

Filesize
104KB

Download
memory/2544-232-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2544-249-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2544-245-0x0000000003630000-0x000000000364A000-memory.dmp

Filesize
104KB

Download
memory/2544-244-0x0000000003630000-0x000000000364A000-memory.dmp

Filesize
104KB

Download
memory/2544-247-0x0000000003630000-0x000000000363B000-memory.dmp

Filesize
44KB

Download
memory/2584-378-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2584-393-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2584-387-0x0000000003530000-0x000000000354A000-memory.dmp

Filesize
104KB

Download
memory/2584-388-0x0000000003530000-0x000000000354A000-memory.dmp

Filesize
104KB

Download
memory/2740-279-0x0000000002360000-0x000000000237A000-memory.dmp

Filesize
104KB

Download
memory/2740-281-0x0000000000710000-0x000000000071B000-memory.dmp

Filesize
44KB

Download
memory/2740-263-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2740-278-0x0000000000700000-0x000000000071A000-memory.dmp

Filesize
104KB

Download
memory/2740-283-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2800-70-0x0000000003440000-0x000000000345A000-memory.dmp

Filesize
104KB

Download
memory/2800-71-0x0000000003440000-0x000000000345A000-memory.dmp

Filesize
104KB

Download
memory/2800-72-0x0000000003440000-0x000000000345A000-memory.dmp

Filesize
104KB

Download
memory/2800-73-0x0000000003440000-0x000000000345A000-memory.dmp

Filesize
104KB

Download
memory/2800-75-0x0000000003440000-0x000000000344B000-memory.dmp

Filesize
44KB

Download
memory/2800-48-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2800-77-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2840-205-0x0000000001E90000-0x0000000001EAA000-memory.dmp

Filesize
104KB

Download
memory/2840-212-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2840-208-0x0000000001E90000-0x0000000001EAA000-memory.dmp

Filesize
104KB

Download
memory/2860-356-0x0000000003250000-0x000000000326A000-memory.dmp

Filesize
104KB

Download
memory/2860-360-0x0000000003260000-0x000000000327A000-memory.dmp

Filesize
104KB

Download
memory/2860-363-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2860-345-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3060-119-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/3060-120-0x0000000004020000-0x000000000403A000-memory.dmp

Filesize
104KB

Download