62bf42b5350c08db60103ba2bab6cb5cbee74b40c95d3742cd2e346451cd5179

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe
Size

316KB
MD5

7b9b659a8deb0d70fbfc120326766e30
SHA1

929def45e95b47b710f57fa2a62d46df191a83e3
SHA256

62bf42b5350c08db60103ba2bab6cb5cbee74b40c95d3742cd2e346451cd5179
SHA512

b6b77da2d81e0543e86086b75f8051dc6452c02e31bfc81dd3b819e6d0436edaed9d73362c81b2dfa390b3335180d81c1f3a7281547587af04070c5ae2a0bf82
SSDEEP

3072:mYUb5QoJ4g+LsP9iGqT8ZjKIz1ZdW4SrOLVSVpe1GhpSBfm4:mY699qT8hKSZI4zLVSVpe1GvOfV

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2724	cmd.exe

Executes dropped EXE 56 IoCs

pid	Process
2580	wkngrt.exe
2452	woe.exe
2424	wrdrau.exe
2376	wjvau.exe
2872	whgnq.exe
300	wgp.exe
2992	wnjqamqoj.exe
688	wsiqh.exe
876	wdb.exe
2744	wxnspilfq.exe
2712	wbweevcba.exe
1876	wrec.exe
1532	wpgmbl.exe
2148	wpjxk.exe
1196	wvkd.exe
2236	woprtc.exe
1516	wsravudkd.exe
924	wuiw.exe
3060	wxvpwdr.exe
2604	weohyhv.exe
2668	wvxnnp.exe
2756	wdwimw.exe
2968	wdvkhb.exe
1104	wpw.exe
1332	wiqkab.exe
2944	wyjttr.exe
2760	wotyjapk.exe
2448	wttl.exe
2060	wldqdf.exe
1872	wowris.exe
2880	wgkmo.exe
2736	wvnkto.exe
288	wtqll.exe
644	wfuhvocd.exe
1276	wnj.exe
1940	wbpeyf.exe
2528	wtxptpb.exe
2604	wspfuwjrd.exe
2852	wnpfwp.exe
1488	wthmis.exe
2552	wjirs.exe
2204	wbvfcej.exe
2228	wbclgx.exe
3056	wikqkg.exe
2860	wkihhypj.exe
2592	wpcxt.exe
2280	whuhn.exe
2140	wbnlbd.exe
2444	wrbfednhh.exe
2820	wulprsce.exe
1788	wcgedah.exe
1916	wvafbcv.exe
1676	wlnyg.exe
1684	whfeqj.exe
2708	wouhnbn.exe
2860	wtywpj.exe

Loads dropped DLL 64 IoCs

pid	Process
1632	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe
1632	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe
1632	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe
1632	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe
2580	wkngrt.exe
2580	wkngrt.exe
2580	wkngrt.exe
2580	wkngrt.exe
2452	woe.exe
2452	woe.exe
2452	woe.exe
2452	woe.exe
2424	wrdrau.exe
2424	wrdrau.exe
2424	wrdrau.exe
2424	wrdrau.exe
2376	wjvau.exe
2376	wjvau.exe
2376	wjvau.exe
2376	wjvau.exe
2872	whgnq.exe
2872	whgnq.exe
2872	whgnq.exe
2872	whgnq.exe
300	wgp.exe
300	wgp.exe
300	wgp.exe
300	wgp.exe
2992	wnjqamqoj.exe
2992	wnjqamqoj.exe
2992	wnjqamqoj.exe
2992	wnjqamqoj.exe
688	wsiqh.exe
688	wsiqh.exe
688	wsiqh.exe
688	wsiqh.exe
876	wdb.exe
876	wdb.exe
876	wdb.exe
876	wdb.exe
2744	wxnspilfq.exe
2744	wxnspilfq.exe
2744	wxnspilfq.exe
2744	wxnspilfq.exe
2712	wbweevcba.exe
2712	wbweevcba.exe
2712	wbweevcba.exe
2712	wbweevcba.exe
1876	wrec.exe
1876	wrec.exe
1876	wrec.exe
1876	wrec.exe
1532	wpgmbl.exe
1532	wpgmbl.exe
1532	wpgmbl.exe
1532	wpgmbl.exe
2148	wpjxk.exe
2148	wpjxk.exe
2148	wpjxk.exe
2148	wpjxk.exe
1196	wvkd.exe
1196	wvkd.exe
1196	wvkd.exe
1196	wvkd.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\wgkmo.exe	wowris.exe
File opened for modification	C:\Windows\SysWOW64\whgnq.exe	wjvau.exe
File created	C:\Windows\SysWOW64\wnjqamqoj.exe	wgp.exe
File opened for modification	C:\Windows\SysWOW64\wttl.exe	wotyjapk.exe
File created	C:\Windows\SysWOW64\wouhnbn.exe	whfeqj.exe
File opened for modification	C:\Windows\SysWOW64\wkngrt.exe	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\wpgmbl.exe	wrec.exe
File opened for modification	C:\Windows\SysWOW64\wowris.exe	wldqdf.exe
File created	C:\Windows\SysWOW64\wbpeyf.exe	wnj.exe
File opened for modification	C:\Windows\SysWOW64\wbvfcej.exe	wjirs.exe
File opened for modification	C:\Windows\SysWOW64\wbclgx.exe	wbvfcej.exe
File opened for modification	C:\Windows\SysWOW64\wotyjapk.exe	wyjttr.exe
File created	C:\Windows\SysWOW64\wnj.exe	wfuhvocd.exe
File opened for modification	C:\Windows\SysWOW64\wrbfednhh.exe	wbnlbd.exe
File created	C:\Windows\SysWOW64\wcgedah.exe	wulprsce.exe
File opened for modification	C:\Windows\SysWOW64\wgp.exe	whgnq.exe
File opened for modification	C:\Windows\SysWOW64\wiqkab.exe	wpw.exe
File opened for modification	C:\Windows\SysWOW64\wcgedah.exe	wulprsce.exe
File created	C:\Windows\SysWOW64\whuhn.exe	wpcxt.exe
File created	C:\Windows\SysWOW64\woe.exe	wkngrt.exe
File opened for modification	C:\Windows\SysWOW64\wdb.exe	wsiqh.exe
File opened for modification	C:\Windows\SysWOW64\wspfuwjrd.exe	wtxptpb.exe
File created	C:\Windows\SysWOW64\wkihhypj.exe	wikqkg.exe
File created	C:\Windows\SysWOW64\wpcxt.exe	wkihhypj.exe
File created	C:\Windows\SysWOW64\wvafbcv.exe	wcgedah.exe
File opened for modification	C:\Windows\SysWOW64\whfeqj.exe	wlnyg.exe
File created	C:\Windows\SysWOW64\wxnspilfq.exe	wdb.exe
File opened for modification	C:\Windows\SysWOW64\wbweevcba.exe	wxnspilfq.exe
File opened for modification	C:\Windows\SysWOW64\wsravudkd.exe	woprtc.exe
File opened for modification	C:\Windows\SysWOW64\wkihhypj.exe	wikqkg.exe
File created	C:\Windows\SysWOW64\whgnq.exe	wjvau.exe
File opened for modification	C:\Windows\SysWOW64\wdwimw.exe	wvxnnp.exe
File created	C:\Windows\SysWOW64\wldqdf.exe	wttl.exe
File opened for modification	C:\Windows\SysWOW64\woe.exe	wkngrt.exe
File opened for modification	C:\Windows\SysWOW64\wrdrau.exe	woe.exe
File opened for modification	C:\Windows\SysWOW64\wrec.exe	wbweevcba.exe
File created	C:\Windows\SysWOW64\weohyhv.exe	wxvpwdr.exe
File opened for modification	C:\Windows\SysWOW64\wulprsce.exe	wrbfednhh.exe
File created	C:\Windows\SysWOW64\wehxkhab.exe	wtywpj.exe
File created	C:\Windows\SysWOW64\wsravudkd.exe	woprtc.exe
File opened for modification	C:\Windows\SysWOW64\wtqll.exe	wvnkto.exe
File created	C:\Windows\SysWOW64\wnpfwp.exe	wspfuwjrd.exe
File opened for modification	C:\Windows\SysWOW64\wtywpj.exe	wouhnbn.exe
File created	C:\Windows\SysWOW64\wtxptpb.exe	wbpeyf.exe
File created	C:\Windows\SysWOW64\wdwimw.exe	wvxnnp.exe
File opened for modification	C:\Windows\SysWOW64\wdvkhb.exe	wdwimw.exe
File created	C:\Windows\SysWOW64\wiqkab.exe	wpw.exe
File created	C:\Windows\SysWOW64\wotyjapk.exe	wyjttr.exe
File created	C:\Windows\SysWOW64\wvkd.exe	wpjxk.exe
File created	C:\Windows\SysWOW64\wyjttr.exe	wiqkab.exe
File opened for modification	C:\Windows\SysWOW64\wfuhvocd.exe	wtqll.exe
File opened for modification	C:\Windows\SysWOW64\wvnkto.exe	wgkmo.exe
File opened for modification	C:\Windows\SysWOW64\whuhn.exe	wpcxt.exe
File created	C:\Windows\SysWOW64\wjvau.exe	wrdrau.exe
File created	C:\Windows\SysWOW64\wsiqh.exe	wnjqamqoj.exe
File opened for modification	C:\Windows\SysWOW64\wxnspilfq.exe	wdb.exe
File opened for modification	C:\Windows\SysWOW64\wxvpwdr.exe	wuiw.exe
File created	C:\Windows\SysWOW64\wbnlbd.exe	whuhn.exe
File created	C:\Windows\SysWOW64\wuiw.exe	wsravudkd.exe
File created	C:\Windows\SysWOW64\wvxnnp.exe	weohyhv.exe
File opened for modification	C:\Windows\SysWOW64\wnpfwp.exe	wspfuwjrd.exe
File created	C:\Windows\SysWOW64\wbvfcej.exe	wjirs.exe
File opened for modification	C:\Windows\SysWOW64\wpjxk.exe	wpgmbl.exe
File created	C:\Windows\SysWOW64\wgkmo.exe	wowris.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2580	1632	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	28
PID 1632 wrote to memory of 2580	1632	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	28
PID 1632 wrote to memory of 2580	1632	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	28
PID 1632 wrote to memory of 2580	1632	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	28
PID 1632 wrote to memory of 2724	1632	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	29
PID 1632 wrote to memory of 2724	1632	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	29
PID 1632 wrote to memory of 2724	1632	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	29
PID 1632 wrote to memory of 2724	1632	7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe	29
PID 2580 wrote to memory of 2452	2580	wkngrt.exe	31
PID 2580 wrote to memory of 2452	2580	wkngrt.exe	31
PID 2580 wrote to memory of 2452	2580	wkngrt.exe	31
PID 2580 wrote to memory of 2452	2580	wkngrt.exe	31
PID 2580 wrote to memory of 2032	2580	wkngrt.exe	32
PID 2580 wrote to memory of 2032	2580	wkngrt.exe	32
PID 2580 wrote to memory of 2032	2580	wkngrt.exe	32
PID 2580 wrote to memory of 2032	2580	wkngrt.exe	32
PID 2452 wrote to memory of 2424	2452	woe.exe	34
PID 2452 wrote to memory of 2424	2452	woe.exe	34
PID 2452 wrote to memory of 2424	2452	woe.exe	34
PID 2452 wrote to memory of 2424	2452	woe.exe	34
PID 2452 wrote to memory of 2104	2452	woe.exe	35
PID 2452 wrote to memory of 2104	2452	woe.exe	35
PID 2452 wrote to memory of 2104	2452	woe.exe	35
PID 2452 wrote to memory of 2104	2452	woe.exe	35
PID 2424 wrote to memory of 2376	2424	wrdrau.exe	37
PID 2424 wrote to memory of 2376	2424	wrdrau.exe	37
PID 2424 wrote to memory of 2376	2424	wrdrau.exe	37
PID 2424 wrote to memory of 2376	2424	wrdrau.exe	37
PID 2424 wrote to memory of 2096	2424	wrdrau.exe	38
PID 2424 wrote to memory of 2096	2424	wrdrau.exe	38
PID 2424 wrote to memory of 2096	2424	wrdrau.exe	38
PID 2424 wrote to memory of 2096	2424	wrdrau.exe	38
PID 2376 wrote to memory of 2872	2376	wjvau.exe	40
PID 2376 wrote to memory of 2872	2376	wjvau.exe	40
PID 2376 wrote to memory of 2872	2376	wjvau.exe	40
PID 2376 wrote to memory of 2872	2376	wjvau.exe	40
PID 2376 wrote to memory of 1196	2376	wjvau.exe	41
PID 2376 wrote to memory of 1196	2376	wjvau.exe	41
PID 2376 wrote to memory of 1196	2376	wjvau.exe	41
PID 2376 wrote to memory of 1196	2376	wjvau.exe	41
PID 2872 wrote to memory of 300	2872	whgnq.exe	43
PID 2872 wrote to memory of 300	2872	whgnq.exe	43
PID 2872 wrote to memory of 300	2872	whgnq.exe	43
PID 2872 wrote to memory of 300	2872	whgnq.exe	43
PID 2872 wrote to memory of 2412	2872	whgnq.exe	44
PID 2872 wrote to memory of 2412	2872	whgnq.exe	44
PID 2872 wrote to memory of 2412	2872	whgnq.exe	44
PID 2872 wrote to memory of 2412	2872	whgnq.exe	44
PID 300 wrote to memory of 2992	300	wgp.exe	46
PID 300 wrote to memory of 2992	300	wgp.exe	46
PID 300 wrote to memory of 2992	300	wgp.exe	46
PID 300 wrote to memory of 2992	300	wgp.exe	46
PID 300 wrote to memory of 1704	300	wgp.exe	47
PID 300 wrote to memory of 1704	300	wgp.exe	47
PID 300 wrote to memory of 1704	300	wgp.exe	47
PID 300 wrote to memory of 1704	300	wgp.exe	47
PID 2992 wrote to memory of 688	2992	wnjqamqoj.exe	49
PID 2992 wrote to memory of 688	2992	wnjqamqoj.exe	49
PID 2992 wrote to memory of 688	2992	wnjqamqoj.exe	49
PID 2992 wrote to memory of 688	2992	wnjqamqoj.exe	49
PID 2992 wrote to memory of 1968	2992	wnjqamqoj.exe	50
PID 2992 wrote to memory of 1968	2992	wnjqamqoj.exe	50
PID 2992 wrote to memory of 1968	2992	wnjqamqoj.exe	50
PID 2992 wrote to memory of 1968	2992	wnjqamqoj.exe	50

C:\Users\Admin\AppData\Local\Temp\7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\wkngrt.exe
  "C:\Windows\system32\wkngrt.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Windows\SysWOW64\woe.exe
    "C:\Windows\system32\woe.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Windows\SysWOW64\wrdrau.exe
      "C:\Windows\system32\wrdrau.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:2424
    - - C:\Windows\SysWOW64\wjvau.exe
        
        "C:\Windows\system32\wjvau.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2376
      - C:\Windows\SysWOW64\whgnq.exe
        
        "C:\Windows\system32\whgnq.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2872
        
        C:\Windows\SysWOW64\wgp.exe
        
        "C:\Windows\system32\wgp.exe"
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:300
        
        C:\Windows\SysWOW64\wnjqamqoj.exe
        
        "C:\Windows\system32\wnjqamqoj.exe"
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2992
        
        C:\Windows\SysWOW64\wsiqh.exe
        
        "C:\Windows\system32\wsiqh.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:688
        
        C:\Windows\SysWOW64\wdb.exe
        
        "C:\Windows\system32\wdb.exe"
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:876
        
        C:\Windows\SysWOW64\wxnspilfq.exe
        
        "C:\Windows\system32\wxnspilfq.exe"
        11⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2744
        
        C:\Windows\SysWOW64\wbweevcba.exe
        
        "C:\Windows\system32\wbweevcba.exe"
        12⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2712
        
        C:\Windows\SysWOW64\wrec.exe
        
        "C:\Windows\system32\wrec.exe"
        13⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1876
        
        C:\Windows\SysWOW64\wpgmbl.exe
        
        "C:\Windows\system32\wpgmbl.exe"
        14⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:1532
        
        C:\Windows\SysWOW64\wpjxk.exe
        
        "C:\Windows\system32\wpjxk.exe"
        15⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        
        PID:2148
        
        C:\Windows\SysWOW64\wvkd.exe
        
        "C:\Windows\system32\wvkd.exe"
        16⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1196
        
        C:\Windows\SysWOW64\woprtc.exe
        
        "C:\Windows\system32\woprtc.exe"
        17⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2236
        
        C:\Windows\SysWOW64\wsravudkd.exe
        
        "C:\Windows\system32\wsravudkd.exe"
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1516
        
        C:\Windows\SysWOW64\wuiw.exe
        
        "C:\Windows\system32\wuiw.exe"
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:924
        
        C:\Windows\SysWOW64\wxvpwdr.exe
        
        "C:\Windows\system32\wxvpwdr.exe"
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3060
        
        C:\Windows\SysWOW64\weohyhv.exe
        
        "C:\Windows\system32\weohyhv.exe"
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2604
        
        C:\Windows\SysWOW64\wvxnnp.exe
        
        "C:\Windows\system32\wvxnnp.exe"
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2668
        
        C:\Windows\SysWOW64\wdwimw.exe
        
        "C:\Windows\system32\wdwimw.exe"
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2756
        
        C:\Windows\SysWOW64\wdvkhb.exe
        
        "C:\Windows\system32\wdvkhb.exe"
        24⤵
        Executes dropped EXE
        
        PID:2968
        
        C:\Windows\SysWOW64\wpw.exe
        
        "C:\Windows\system32\wpw.exe"
        25⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1104
        
        C:\Windows\SysWOW64\wiqkab.exe
        
        "C:\Windows\system32\wiqkab.exe"
        26⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1332
        
        C:\Windows\SysWOW64\wyjttr.exe
        
        "C:\Windows\system32\wyjttr.exe"
        27⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2944
        
        C:\Windows\SysWOW64\wotyjapk.exe
        
        "C:\Windows\system32\wotyjapk.exe"
        28⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2760
        
        C:\Windows\SysWOW64\wttl.exe
        
        "C:\Windows\system32\wttl.exe"
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2448
        
        C:\Windows\SysWOW64\wldqdf.exe
        
        "C:\Windows\system32\wldqdf.exe"
        30⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2060
        
        C:\Windows\SysWOW64\wowris.exe
        
        "C:\Windows\system32\wowris.exe"
        31⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1872
        
        C:\Windows\SysWOW64\wgkmo.exe
        
        "C:\Windows\system32\wgkmo.exe"
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2880
        
        C:\Windows\SysWOW64\wvnkto.exe
        
        "C:\Windows\system32\wvnkto.exe"
        33⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2736
        
        C:\Windows\SysWOW64\wtqll.exe
        
        "C:\Windows\system32\wtqll.exe"
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:288
        
        C:\Windows\SysWOW64\wfuhvocd.exe
        
        "C:\Windows\system32\wfuhvocd.exe"
        35⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:644
        
        C:\Windows\SysWOW64\wnj.exe
        
        "C:\Windows\system32\wnj.exe"
        36⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1276
        
        C:\Windows\SysWOW64\wbpeyf.exe
        
        "C:\Windows\system32\wbpeyf.exe"
        37⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1940
        
        C:\Windows\SysWOW64\wtxptpb.exe
        
        "C:\Windows\system32\wtxptpb.exe"
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2528
        
        C:\Windows\SysWOW64\wspfuwjrd.exe
        
        "C:\Windows\system32\wspfuwjrd.exe"
        39⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2604
        
        C:\Windows\SysWOW64\wnpfwp.exe
        
        "C:\Windows\system32\wnpfwp.exe"
        40⤵
        Executes dropped EXE
        
        PID:2852
        
        C:\Windows\SysWOW64\wthmis.exe
        
        "C:\Windows\system32\wthmis.exe"
        41⤵
        Executes dropped EXE
        
        PID:1488
        
        C:\Windows\SysWOW64\wjirs.exe
        
        "C:\Windows\system32\wjirs.exe"
        42⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2552
        
        C:\Windows\SysWOW64\wbvfcej.exe
        
        "C:\Windows\system32\wbvfcej.exe"
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2204
        
        C:\Windows\SysWOW64\wbclgx.exe
        
        "C:\Windows\system32\wbclgx.exe"
        44⤵
        Executes dropped EXE
        
        PID:2228
        
        C:\Windows\SysWOW64\wikqkg.exe
        
        "C:\Windows\system32\wikqkg.exe"
        45⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:3056
        
        C:\Windows\SysWOW64\wkihhypj.exe
        
        "C:\Windows\system32\wkihhypj.exe"
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2860
        
        C:\Windows\SysWOW64\wpcxt.exe
        
        "C:\Windows\system32\wpcxt.exe"
        47⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2592
        
        C:\Windows\SysWOW64\whuhn.exe
        
        "C:\Windows\system32\whuhn.exe"
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2280
        
        C:\Windows\SysWOW64\wbnlbd.exe
        
        "C:\Windows\system32\wbnlbd.exe"
        49⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2140
        
        C:\Windows\SysWOW64\wrbfednhh.exe
        
        "C:\Windows\system32\wrbfednhh.exe"
        50⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2444
        
        C:\Windows\SysWOW64\wulprsce.exe
        
        "C:\Windows\system32\wulprsce.exe"
        51⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2820
        
        C:\Windows\SysWOW64\wcgedah.exe
        
        "C:\Windows\system32\wcgedah.exe"
        52⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1788
        
        C:\Windows\SysWOW64\wvafbcv.exe
        
        "C:\Windows\system32\wvafbcv.exe"
        53⤵
        Executes dropped EXE
        
        PID:1916
        
        C:\Windows\SysWOW64\wlnyg.exe
        
        "C:\Windows\system32\wlnyg.exe"
        54⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1676
        
        C:\Windows\SysWOW64\whfeqj.exe
        
        "C:\Windows\system32\whfeqj.exe"
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1684
        
        C:\Windows\SysWOW64\wouhnbn.exe
        
        "C:\Windows\system32\wouhnbn.exe"
        56⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2708
        
        C:\Windows\SysWOW64\wtywpj.exe
        
        "C:\Windows\system32\wtywpj.exe"
        57⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2860
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wouhnbn.exe"
        57⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whfeqj.exe"
        56⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wlnyg.exe"
        55⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvafbcv.exe"
        54⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wcgedah.exe"
        53⤵
        
        PID:288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wulprsce.exe"
        52⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrbfednhh.exe"
        51⤵
        
        PID:760
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbnlbd.exe"
        50⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whuhn.exe"
        49⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpcxt.exe"
        48⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkihhypj.exe"
        47⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wikqkg.exe"
        46⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbclgx.exe"
        45⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbvfcej.exe"
        44⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjirs.exe"
        43⤵
        
        PID:440
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wthmis.exe"
        42⤵
        
        PID:696
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnpfwp.exe"
        41⤵
        
        PID:1428
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wspfuwjrd.exe"
        40⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtxptpb.exe"
        39⤵
        
        PID:2988
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbpeyf.exe"
        38⤵
        
        PID:1500
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnj.exe"
        37⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wfuhvocd.exe"
        36⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wtqll.exe"
        35⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvnkto.exe"
        34⤵
        
        PID:404
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgkmo.exe"
        33⤵
        
        PID:1180
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wowris.exe"
        32⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wldqdf.exe"
        31⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wttl.exe"
        30⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wotyjapk.exe"
        29⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wyjttr.exe"
        28⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wiqkab.exe"
        27⤵
        
        PID:2676
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpw.exe"
        26⤵
        
        PID:2804
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdvkhb.exe"
        25⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdwimw.exe"
        24⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvxnnp.exe"
        23⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\weohyhv.exe"
        22⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxvpwdr.exe"
        21⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wuiw.exe"
        20⤵
        
        PID:1452
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsravudkd.exe"
        19⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woprtc.exe"
        18⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wvkd.exe"
        17⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpjxk.exe"
        16⤵
        
        PID:804
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wpgmbl.exe"
        15⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrec.exe"
        14⤵
        
        PID:1648
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wbweevcba.exe"
        13⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wxnspilfq.exe"
        12⤵
        
        PID:108
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wdb.exe"
        11⤵
        
        PID:2636
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wsiqh.exe"
        10⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wnjqamqoj.exe"
        9⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wgp.exe"
        8⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\whgnq.exe"
        7⤵
        
        PID:2412
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wjvau.exe"
        6⤵
        
        PID:1196
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wrdrau.exe"
        5⤵
        
        PID:2096
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\woe.exe"
      4⤵
      PID:2104
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del "C:\Windows\system32\wkngrt.exe"
    3⤵
    PID:2032
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\7b9b659a8deb0d70fbfc120326766e30_NeikiAnalytics.exe"
  2⤵
  - Deletes itself
  PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ROPFZP23.txt

Filesize
98B

MD5
cbeb046ec8ba06e637f24fff501d6a34

SHA1
ea62cd07607959e5f28ddca341f651949b518a00

SHA256
5d69f0779633d4b38e81fa83a186b2da9203a208b25873569d13652777471a32

SHA512
ee7f6bee8a65a788fcf45af076a7ed3077125619da43255933daf4cfa38aa8aa5a953843b45a34d19c4cdad0abc6ddc0ea4004d559e0de23786df7d4c60a9146

Download Submit
C:\Windows\SysWOW64\whgnq.exe

Filesize
316KB

MD5
8e43e5b25fe7c1405f9cbcb9c88e06d5

SHA1
35ec8f048779e85a0b9a3d7b44466552f94d2790

SHA256
9dab3eb521b4a4d627127ccb4c0f8cfff64ed2c99fc2c77e51f70927e3d5ee76

SHA512
72f50b23b67c5c40cb7a35ebb096e3953a8067cddc6b69a69790aa25506054d97e8f43cd1190c894c867e6b075b3853734b28e4e6da25c0e5d83784ba6e9a5a5

Download Submit
\Windows\SysWOW64\wbweevcba.exe

Filesize
317KB

MD5
c34a91209e62687b5f82e6e4cae912a6

SHA1
43a34c6dd8bd9b088ceb384a3171b9995ed2e63f

SHA256
7ef74ed5a00ac4835ea6f22094d2c04b85472f6ade2455ca6e7d13813bdf67f7

SHA512
05d0a0f539eec6d8336dc2063bce8f5071693a5b5ad6c20cba2b768b5629a1366a2d04e59261ec2e379142b569043f9802ceeff273f6e760f226095a6cf31e9d

Download Submit
\Windows\SysWOW64\wdb.exe

Filesize
317KB

MD5
df4f114c61f7fafb5a871e9b3ae702b1

SHA1
c3c05c8446a2ff70047f5a7e6fac8a57e0a7fd41

SHA256
3998567e34034f8ee321eae0fedada43e327970cf8519d3a3e778d4fb99db486

SHA512
8d4b583425e02e2b46ad5c5357e580baa7ba31f60792222db3c6fab51abbc223a336f716f978f26cbef708b10e0be72fdec0b3ed0214d3f9fd08a60e0f5f1e97

Download Submit
\Windows\SysWOW64\wgp.exe

Filesize
316KB

MD5
5458f4772698f3caa54ec8fa641a767c

SHA1
b3ecb0d7877814e2ac9612b181fb45a771df3d70

SHA256
963554693bcc5a54468f1938d919f21e6f10477f5d99e1e628b94a6baa943103

SHA512
b709bbaa23bc96e60b5cba397dbb165aecdfc0388679a75ad3af8492fc5e872aaeae3e26130f90a814a6f68e21d165041ed58ed3618b799ec979196f4aa454eb

Download Submit
\Windows\SysWOW64\wjvau.exe

Filesize
316KB

MD5
4be7c6a0409c1b411861a1deb3e84aac

SHA1
72420b2a780063fc3062e89bf811b3c0bbe8b4ae

SHA256
6a020038e1ce4c0ed9b2c9441cda8dc35e48280be96d71af18716477302092aa

SHA512
22978cede527c0b507370d057586706060c967fa50eec325fa50d63bcef8406ba50c387d36fa692784752f745af74157deca56f5bdfc5dc6c75f845ad1ff006b

Download Submit
\Windows\SysWOW64\wkngrt.exe

Filesize
316KB

MD5
ea92c4eee06533e0da2d8b564080b315

SHA1
220483ffb404a5b1b00c7fb65393b7d29f4f190e

SHA256
129ad8557a0f1f0bf7a4c811e224b8f32e2218c2e7a68aec0dfd15744d83774c

SHA512
ded6b3ef06bdb17ca1d5dbfab9282b6a491fa9221a31345c7c70e238502189837e76178bc49a7a9dce679a90dd86df257f004387874178539e9e100d9bc2492a

Download Submit
\Windows\SysWOW64\wnjqamqoj.exe

Filesize
316KB

MD5
eae607d2a7a703a90465fbf284ea2d7a

SHA1
d13313335c0a62d2fc9ea4bf1e8a9c6dac10ae92

SHA256
e5abdce6afb69a381bbe14acf3731706d5cac538cd78a2f78b9d5a2e9b2804e2

SHA512
93acee6fd7c28ac03687a8341ca0d75edb2582b074129597fd6db5439a3f9d534ca4e61190168e5a2083279e3caf846913b19147215afc6548bb973fec572fd5

Download Submit
\Windows\SysWOW64\woe.exe

Filesize
316KB

MD5
ff1575d934985f161e7e838f5be4d77e

SHA1
7a6c67a2832a855a8f735be0f0ccf06e592fd0a6

SHA256
be80a74d6dc30a620cd27994fff5f319129f5e88bd4a9396df603c7a0986195e

SHA512
d8a9cbf6a46573088bbda9c34f3af30044da465383c1d118b744519d3e92213f116fb25a27384bbf9c04a5b2aec692dbf62b483cb1128abcf41abf395880ade3

Download Submit
\Windows\SysWOW64\wrdrau.exe

Filesize
316KB

MD5
34b2c1273d5949b10b72afb9e9ee852a

SHA1
22b56848a2384be5200eaab17c74662e82688e67

SHA256
62de6cc3a9381048793af6e514dd3e23a07fe452a3f1681180282034bbb5ead2

SHA512
96255e97b5f6fe7a835e676c9ab7d6989babfcf76a60cf3c39b4278d0cd0d1ba58db6d5513ae1769f7af7163ddcf9f7c58be31c4eba6a810af46c0e54e059c52

Download Submit
\Windows\SysWOW64\wsiqh.exe

Filesize
317KB

MD5
d4a3cc6c516a4b89114e423955bb7cdf

SHA1
ce511a857776ea71981c6ab99e1ce800526be16d

SHA256
f59d794d2b6a86ef695154506a18ee0fe0aac240a8767a40cc91fe826179103e

SHA512
d9b3cfd113da0e34b197f10522719393739688b28535553f1854f6d9dc8c7e620b360234ca22892c2ffb71b834f5f661a8f48f7f3c1dc2135a4838e462094210

Download Submit
\Windows\SysWOW64\wxnspilfq.exe

Filesize
317KB

MD5
e0760378c5105eb492e30e2f16a14fe3

SHA1
a52402b406bd57553844200ce5ff19f8107f4bba

SHA256
cea22fd442c50c166513f941ada8df9c8a067e7bca1b2e9b6e69e9d806131bc7

SHA512
4f5262a884172a0b6ebe96ef4640db2eaf3456033da12d5c11f2da85ca16709bc450a3c15cee6bbaf5431f39117608570a6036847527d8d0b834d22be52aba71

Download Submit
memory/300-148-0x0000000002490000-0x00000000024AE000-memory.dmp

Filesize
120KB

Download
memory/300-149-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/688-188-0x0000000003DC0000-0x0000000003DDE000-memory.dmp

Filesize
120KB

Download
memory/688-170-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/688-191-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/688-187-0x00000000031E0000-0x00000000031FE000-memory.dmp

Filesize
120KB

Download
memory/876-190-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/876-209-0x0000000002440000-0x000000000245E000-memory.dmp

Filesize
120KB

Download
memory/876-208-0x0000000002440000-0x000000000245E000-memory.dmp

Filesize
120KB

Download
memory/876-211-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/924-344-0x0000000003070000-0x000000000308E000-memory.dmp

Filesize
120KB

Download
memory/924-339-0x00000000005B0000-0x00000000005CE000-memory.dmp

Filesize
120KB

Download
memory/924-330-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/924-345-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/924-338-0x00000000005B0000-0x00000000005CE000-memory.dmp

Filesize
120KB

Download
memory/1104-434-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1104-433-0x00000000039E0000-0x00000000039FE000-memory.dmp

Filesize
120KB

Download
memory/1104-431-0x00000000039E0000-0x00000000039FE000-memory.dmp

Filesize
120KB

Download
memory/1104-432-0x00000000039E0000-0x00000000039FE000-memory.dmp

Filesize
120KB

Download
memory/1104-430-0x00000000039E0000-0x00000000039FE000-memory.dmp

Filesize
120KB

Download
memory/1196-299-0x0000000003DA0000-0x0000000003DBE000-memory.dmp

Filesize
120KB

Download
memory/1196-286-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1196-300-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1332-446-0x0000000003920000-0x000000000393E000-memory.dmp

Filesize
120KB

Download
memory/1516-314-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1516-328-0x0000000003970000-0x000000000398E000-memory.dmp

Filesize
120KB

Download
memory/1516-324-0x0000000003970000-0x000000000398E000-memory.dmp

Filesize
120KB

Download
memory/1516-329-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1532-273-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1532-272-0x0000000003F70000-0x0000000003F8E000-memory.dmp

Filesize
120KB

Download
memory/1632-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1632-23-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1632-6-0x0000000003E60000-0x0000000003E7E000-memory.dmp

Filesize
120KB

Download
memory/1632-19-0x0000000003E60000-0x0000000003E7E000-memory.dmp

Filesize
120KB

Download
memory/1632-18-0x0000000003E60000-0x0000000003E7E000-memory.dmp

Filesize
120KB

Download
memory/1876-259-0x0000000004020000-0x000000000403E000-memory.dmp

Filesize
120KB

Download
memory/1876-260-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1876-256-0x0000000004020000-0x000000000403E000-memory.dmp

Filesize
120KB

Download
memory/1876-257-0x0000000004020000-0x000000000403E000-memory.dmp

Filesize
120KB

Download
memory/1876-258-0x0000000004020000-0x000000000403E000-memory.dmp

Filesize
120KB

Download
memory/2148-274-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2148-287-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2236-315-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2236-301-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2236-313-0x0000000002460000-0x000000000247E000-memory.dmp

Filesize
120KB

Download
memory/2376-104-0x00000000036B0000-0x00000000036CE000-memory.dmp

Filesize
120KB

Download
memory/2376-110-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2376-85-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2376-106-0x00000000036B0000-0x00000000036CE000-memory.dmp

Filesize
120KB

Download
memory/2376-105-0x00000000036B0000-0x00000000036CE000-memory.dmp

Filesize
120KB

Download
memory/2376-103-0x00000000036B0000-0x00000000036CE000-memory.dmp

Filesize
120KB

Download
memory/2424-83-0x0000000004030000-0x000000000404E000-memory.dmp

Filesize
120KB

Download
memory/2424-86-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2424-77-0x0000000003CF0000-0x0000000003D0E000-memory.dmp

Filesize
120KB

Download
memory/2452-64-0x0000000004010000-0x000000000402E000-memory.dmp

Filesize
120KB

Download
memory/2452-45-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2452-65-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2580-41-0x0000000002510000-0x000000000252E000-memory.dmp

Filesize
120KB

Download
memory/2580-40-0x0000000002510000-0x000000000252E000-memory.dmp

Filesize
120KB

Download
memory/2580-42-0x0000000002510000-0x000000000252E000-memory.dmp

Filesize
120KB

Download
memory/2580-46-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2580-21-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2580-43-0x0000000002510000-0x000000000252E000-memory.dmp

Filesize
120KB

Download
memory/2604-359-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2604-374-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2604-373-0x0000000003EE0000-0x0000000003EFE000-memory.dmp

Filesize
120KB

Download
memory/2604-372-0x0000000003ED0000-0x0000000003EEE000-memory.dmp

Filesize
120KB

Download
memory/2668-386-0x00000000031D0000-0x00000000031EE000-memory.dmp

Filesize
120KB

Download
memory/2668-387-0x00000000031D0000-0x00000000031EE000-memory.dmp

Filesize
120KB

Download
memory/2668-388-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2712-229-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2712-242-0x0000000003B10000-0x0000000003B2E000-memory.dmp

Filesize
120KB

Download
memory/2712-243-0x0000000003B10000-0x0000000003B2E000-memory.dmp

Filesize
120KB

Download
memory/2712-244-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2744-230-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2744-227-0x00000000037A0000-0x00000000037BE000-memory.dmp

Filesize
120KB

Download
memory/2744-228-0x00000000037A0000-0x00000000037BE000-memory.dmp

Filesize
120KB

Download
memory/2756-389-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2756-402-0x0000000003470000-0x000000000348E000-memory.dmp

Filesize
120KB

Download
memory/2756-404-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2756-401-0x0000000003470000-0x000000000348E000-memory.dmp

Filesize
120KB

Download
memory/2872-127-0x0000000002280000-0x000000000229E000-memory.dmp

Filesize
120KB

Download
memory/2872-130-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2872-108-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2872-126-0x0000000002280000-0x000000000229E000-memory.dmp

Filesize
120KB

Download
memory/2872-128-0x0000000002280000-0x000000000229E000-memory.dmp

Filesize
120KB

Download
memory/2968-403-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2968-417-0x00000000031A0000-0x00000000031BE000-memory.dmp

Filesize
120KB

Download
memory/2968-416-0x00000000031A0000-0x00000000031BE000-memory.dmp

Filesize
120KB

Download
memory/2968-418-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2992-158-0x00000000034D0000-0x00000000034EE000-memory.dmp

Filesize
120KB

Download
memory/2992-161-0x00000000034D0000-0x00000000034EE000-memory.dmp

Filesize
120KB

Download
memory/2992-169-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3060-357-0x0000000003350000-0x000000000336E000-memory.dmp

Filesize
120KB

Download
memory/3060-360-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3060-358-0x0000000003360000-0x000000000337E000-memory.dmp

Filesize
120KB

Download