05a358f1344d1651249b4811963b692edc5db60fdfe1b6d1178a7c2ba2b62978

Analysis

max time kernel
20s
max time network
83s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2023, 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
Size

1.5MB
MD5

045d39eec9584a990b27d096348f6f57
SHA1

62c1d171834a630f8f737cf6c092488ec66d5d89
SHA256

05a358f1344d1651249b4811963b692edc5db60fdfe1b6d1178a7c2ba2b62978
SHA512

da31ce8b3c4435224b1bcf014ec9ee53f49c4b701bb16b7ad14a517f0374fa8110b53bb612e6648caff8b960104500dbb3bd612451dc2d0ba66783ffdca39ea2
SSDEEP

24576:A8LCe0ehynTDBCNzMgoytu51ZuSvtRXDnULYrnwHmz8PNHITI4R2k0rb1PV4iefX:A20vTDBCNzJu513tRznrwHmz8tIM4rmM

Score

7^/10

persistence upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1574508946-349927670-1185736483-1000\Control Panel\International\Geo\Nation	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5084-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/files/0x00070000000230b1-5.dat	upx
behavioral2/memory/5084-6-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5084-8-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4332-12-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1092-14-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1884-13-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5116-16-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1984-17-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4332-18-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4512-19-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/712-20-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2132-21-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1224-23-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3892-24-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4556-25-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2272-26-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1884-27-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5084-29-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3752-31-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1092-30-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2760-32-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1984-34-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4772-33-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/776-36-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3824-38-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/748-37-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4512-39-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/116-41-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2308-43-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1300-45-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1604-42-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2520-47-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4996-57-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/468-53-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4492-48-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2256-59-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4848-58-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4772-61-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2056-60-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3744-64-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4100-66-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4544-65-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3356-67-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3120-70-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/324-74-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2776-79-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1704-83-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4316-82-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/496-85-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/984-102-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2476-105-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5160-112-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/224-108-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3768-99-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\V:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\E:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\L:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\O:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\R:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\U:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\I:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\B:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\K:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\N:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\P:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\Q:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\T:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\Z:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\A:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\J:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\M:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\S:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\W:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\X:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\Y:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File opened (read-only)	\??\G:	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\canadian nude action [milf] hotel .rar.exe	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File created	C:\Program Files\Microsoft Office\root\Templates\gay masturbation cock .mpg.exe	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\american porn masturbation glans bedroom (Sylvia,Britney).mpg.exe	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\horse uncut girly .zip.exe	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\canadian beastiality trambling big (Sonja,Christine).mpeg.exe	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\american lingerie catfight .mpg.exe	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\lesbian fucking girls bedroom .avi.exe	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\chinese nude [free] (Sylvia,Tatjana).avi.exe	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\german trambling lingerie uncut gorgeoushorny .zip.exe	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\chinese horse hot (!) .mpeg.exe	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
5116	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
5116	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
4332	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
4332	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
2132	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
2132	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
5116	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
5116	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
1224	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
1224	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 5116	5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	83
PID 5084 wrote to memory of 5116	5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	83
PID 5084 wrote to memory of 5116	5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	83
PID 5084 wrote to memory of 4332	5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	84
PID 5084 wrote to memory of 4332	5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	84
PID 5084 wrote to memory of 4332	5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	84
PID 5116 wrote to memory of 2132	5116	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	85
PID 5116 wrote to memory of 2132	5116	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	85
PID 5116 wrote to memory of 2132	5116	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	85
PID 5084 wrote to memory of 1224	5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	86
PID 5084 wrote to memory of 1224	5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	86
PID 5084 wrote to memory of 1224	5084	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	86
PID 5116 wrote to memory of 2272	5116	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	87
PID 5116 wrote to memory of 2272	5116	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	87
PID 5116 wrote to memory of 2272	5116	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	87
PID 4332 wrote to memory of 1884	4332	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	88
PID 4332 wrote to memory of 1884	4332	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	88
PID 4332 wrote to memory of 1884	4332	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	88
PID 2132 wrote to memory of 1092	2132	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	89
PID 2132 wrote to memory of 1092	2132	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	89
PID 2132 wrote to memory of 1092	2132	NEAS.045d39eec9584a990b27d096348f6f57_JC.exe	89

C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5116
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        6⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        6⤵
        
        PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        6⤵
        
        PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:4316
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:712
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:4284
      - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:224
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:324
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:5964
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:556
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:5996
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:6692
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:6580
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:776
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:5608
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:4100
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:5700
- C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4332
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:468
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:1704
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:6596
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:6308
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:6616
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:3356
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:5600
- C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1224
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
        
        "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
        5⤵
        
        PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:5708
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:496
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:5480
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:4544
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:5540
- C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
  2⤵
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
      "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
      4⤵
      PID:6292
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:3744
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:5532
- C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
  2⤵
  PID:2520
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:1328
- - C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
    "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
    3⤵
    PID:6284
- C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
  2⤵
  PID:4848
- C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
  2⤵
  PID:5364
- C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\NEAS.045d39eec9584a990b27d096348f6f57_JC.exe"
  2⤵
  PID:6728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\chinese nude [free] (Sylvia,Tatjana).avi.exe

Filesize
1.2MB

MD5
3234e3a54bc2324355b3d881dd3f5c5c

SHA1
f6e84f86a551ac299a46ca70fe3db4680a9c5624

SHA256
bd60023df70a3293f1d6f433157b4aaa6c5b735b827a3cb16adf3972436bccc6

SHA512
828a9d54a431ef0281bfc6743640ea61b9efa14e8c4398ff889f4a555517bbdf61b2d4e1740f106801c84e543595f581376fcbafe752c468a151a8719946e7cb

Download Submit
memory/116-41-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/224-108-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/324-74-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/468-53-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/496-85-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/712-20-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/748-37-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/776-36-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/984-102-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1092-30-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1092-14-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1224-23-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1300-45-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1604-42-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1704-83-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1884-13-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1884-27-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1984-34-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1984-17-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2056-60-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2132-21-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2256-59-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2272-26-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2308-43-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2476-105-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2520-47-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2760-32-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2776-79-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3120-70-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3356-67-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3744-64-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3752-31-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3768-99-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3824-38-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3892-24-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4100-66-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4316-82-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4332-12-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4332-18-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4492-48-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4512-19-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4512-39-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4544-65-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4556-25-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4772-61-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4772-33-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4848-58-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4996-57-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5084-29-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5084-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5084-8-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5084-6-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5116-16-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5160-112-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download