eb8576af91f370e924bfefe2e618f351751563efda768517f937bc2cb1e6da87

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe
Size

89KB
MD5

691cb70e8509a4f1ce5e20ad271137a0
SHA1

bad95b009ed12cb959758b3f610f14e875183af0
SHA256

eb8576af91f370e924bfefe2e618f351751563efda768517f937bc2cb1e6da87
SHA512

e6d21effa115d9802a35ed426cfc0cadc1a0f42040005a79e854af6b158329fabb3ce9f97a3e2bd3ae4460932c2689e165bc81c5c67140c8a6f471be54984f9d
SSDEEP

768:5vw9816thKQLroX4/wQkNrfrunMxVFA3v:lEG/0oXlbunMxVS3v

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 24 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B103222F-480C-46c8-AF54-9DC922C5AA95}	691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D5935C10-AABF-4264-A353-DFBE77795A7E}\stubpath = "C:\\Windows\\{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe"	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}\stubpath = "C:\\Windows\\{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe"	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}\stubpath = "C:\\Windows\\{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe"	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}\stubpath = "C:\\Windows\\{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe"	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6AFD94B9-CE98-419e-B9BC-6A58F39654BD}	{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B103222F-480C-46c8-AF54-9DC922C5AA95}\stubpath = "C:\\Windows\\{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe"	691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{D5935C10-AABF-4264-A353-DFBE77795A7E}	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}\stubpath = "C:\\Windows\\{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe"	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}\stubpath = "C:\\Windows\\{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe"	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}\stubpath = "C:\\Windows\\{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe"	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}\stubpath = "C:\\Windows\\{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe"	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}\stubpath = "C:\\Windows\\{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe"	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}	{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}\stubpath = "C:\\Windows\\{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe"	{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6AFD94B9-CE98-419e-B9BC-6A58F39654BD}\stubpath = "C:\\Windows\\{6AFD94B9-CE98-419e-B9BC-6A58F39654BD}.exe"	{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe

Executes dropped EXE 12 IoCs

Processes:

{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe{6AFD94B9-CE98-419e-B9BC-6A58F39654BD}.exe

pid	process
2900	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe
3824	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe
3492	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe
1212	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe
512	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe
988	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe
3716	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe
2276	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe
376	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe
4088	{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe
448	{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe
1992	{6AFD94B9-CE98-419e-B9BC-6A58F39654BD}.exe

Drops file in Windows directory 12 IoCs

Processes:

{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe

description	ioc	process
File created	C:\Windows\{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe
File created	C:\Windows\{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe	691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe
File created	C:\Windows\{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe
File created	C:\Windows\{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe
File created	C:\Windows\{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe
File created	C:\Windows\{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe
File created	C:\Windows\{6AFD94B9-CE98-419e-B9BC-6A58F39654BD}.exe	{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe
File created	C:\Windows\{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe
File created	C:\Windows\{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe
File created	C:\Windows\{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe
File created	C:\Windows\{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe
File created	C:\Windows\{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe	{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe

description	pid	process
Token: SeIncBasePriorityPrivilege	4200	691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe
Token: SeIncBasePriorityPrivilege	2900	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe
Token: SeIncBasePriorityPrivilege	3824	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe
Token: SeIncBasePriorityPrivilege	3492	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe
Token: SeIncBasePriorityPrivilege	1212	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe
Token: SeIncBasePriorityPrivilege	512	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe
Token: SeIncBasePriorityPrivilege	988	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe
Token: SeIncBasePriorityPrivilege	3716	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe
Token: SeIncBasePriorityPrivilege	2276	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe
Token: SeIncBasePriorityPrivilege	376	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe
Token: SeIncBasePriorityPrivilege	4088	{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe
Token: SeIncBasePriorityPrivilege	448	{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe

description	pid	process	target process
PID 4200 wrote to memory of 2900	4200	691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe
PID 4200 wrote to memory of 2900	4200	691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe
PID 4200 wrote to memory of 2900	4200	691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe
PID 4200 wrote to memory of 2728	4200	691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe	cmd.exe
PID 4200 wrote to memory of 2728	4200	691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe	cmd.exe
PID 4200 wrote to memory of 2728	4200	691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe	cmd.exe
PID 2900 wrote to memory of 3824	2900	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe
PID 2900 wrote to memory of 3824	2900	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe
PID 2900 wrote to memory of 3824	2900	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe
PID 2900 wrote to memory of 4504	2900	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe	cmd.exe
PID 2900 wrote to memory of 4504	2900	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe	cmd.exe
PID 2900 wrote to memory of 4504	2900	{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe	cmd.exe
PID 3824 wrote to memory of 3492	3824	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe
PID 3824 wrote to memory of 3492	3824	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe
PID 3824 wrote to memory of 3492	3824	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe
PID 3824 wrote to memory of 2028	3824	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe	cmd.exe
PID 3824 wrote to memory of 2028	3824	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe	cmd.exe
PID 3824 wrote to memory of 2028	3824	{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe	cmd.exe
PID 3492 wrote to memory of 1212	3492	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe
PID 3492 wrote to memory of 1212	3492	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe
PID 3492 wrote to memory of 1212	3492	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe
PID 3492 wrote to memory of 4204	3492	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe	cmd.exe
PID 3492 wrote to memory of 4204	3492	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe	cmd.exe
PID 3492 wrote to memory of 4204	3492	{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe	cmd.exe
PID 1212 wrote to memory of 512	1212	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe
PID 1212 wrote to memory of 512	1212	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe
PID 1212 wrote to memory of 512	1212	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe
PID 1212 wrote to memory of 4428	1212	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe	cmd.exe
PID 1212 wrote to memory of 4428	1212	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe	cmd.exe
PID 1212 wrote to memory of 4428	1212	{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe	cmd.exe
PID 512 wrote to memory of 988	512	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe
PID 512 wrote to memory of 988	512	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe
PID 512 wrote to memory of 988	512	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe
PID 512 wrote to memory of 2564	512	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe	cmd.exe
PID 512 wrote to memory of 2564	512	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe	cmd.exe
PID 512 wrote to memory of 2564	512	{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe	cmd.exe
PID 988 wrote to memory of 3716	988	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe
PID 988 wrote to memory of 3716	988	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe
PID 988 wrote to memory of 3716	988	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe
PID 988 wrote to memory of 2608	988	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe	cmd.exe
PID 988 wrote to memory of 2608	988	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe	cmd.exe
PID 988 wrote to memory of 2608	988	{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe	cmd.exe
PID 3716 wrote to memory of 2276	3716	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe
PID 3716 wrote to memory of 2276	3716	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe
PID 3716 wrote to memory of 2276	3716	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe
PID 3716 wrote to memory of 2344	3716	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe	cmd.exe
PID 3716 wrote to memory of 2344	3716	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe	cmd.exe
PID 3716 wrote to memory of 2344	3716	{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe	cmd.exe
PID 2276 wrote to memory of 376	2276	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe
PID 2276 wrote to memory of 376	2276	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe
PID 2276 wrote to memory of 376	2276	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe
PID 2276 wrote to memory of 5008	2276	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe	cmd.exe
PID 2276 wrote to memory of 5008	2276	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe	cmd.exe
PID 2276 wrote to memory of 5008	2276	{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe	cmd.exe
PID 376 wrote to memory of 4088	376	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe	{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe
PID 376 wrote to memory of 4088	376	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe	{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe
PID 376 wrote to memory of 4088	376	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe	{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe
PID 376 wrote to memory of 212	376	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe	cmd.exe
PID 376 wrote to memory of 212	376	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe	cmd.exe
PID 376 wrote to memory of 212	376	{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe	cmd.exe
PID 4088 wrote to memory of 448	4088	{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe	{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe
PID 4088 wrote to memory of 448	4088	{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe	{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe
PID 4088 wrote to memory of 448	4088	{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe	{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe
PID 4088 wrote to memory of 3588	4088	{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\691cb70e8509a4f1ce5e20ad271137a0_NeikiAnalytics.exe"
1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4200

C:\Windows\{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe
C:\Windows\{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe
2⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2900

C:\Windows\{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe
C:\Windows\{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe
3⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3824

C:\Windows\{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe
C:\Windows\{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe
4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3492

C:\Windows\{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe
C:\Windows\{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe
5⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1212

C:\Windows\{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe
C:\Windows\{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe
6⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:512

C:\Windows\{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe
C:\Windows\{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe
7⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:988

C:\Windows\{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe
C:\Windows\{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe
8⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3716

C:\Windows\{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe
C:\Windows\{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe
9⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2276

C:\Windows\{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe
C:\Windows\{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe
10⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:376

C:\Windows\{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe
C:\Windows\{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe
11⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4088

C:\Windows\{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe
C:\Windows\{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe
12⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:448

C:\Windows\{6AFD94B9-CE98-419e-B9BC-6A58F39654BD}.exe
C:\Windows\{6AFD94B9-CE98-419e-B9BC-6A58F39654BD}.exe
13⤵
- Executes dropped EXE
PID:1992

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{3EDDC~1.EXE > nul
13⤵
PID:3976

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{4EA01~1.EXE > nul
12⤵
PID:3588

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E28CC~1.EXE > nul
11⤵
PID:212

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B2D27~1.EXE > nul
10⤵
PID:5008

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{6BA6B~1.EXE > nul
9⤵
PID:2344

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{33055~1.EXE > nul
8⤵
PID:2608

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{E0F0D~1.EXE > nul
7⤵
PID:2564

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{2A572~1.EXE > nul
6⤵
PID:4428

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{C80FA~1.EXE > nul
5⤵
PID:4204

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{D5935~1.EXE > nul
4⤵
PID:2028

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Windows\{B1032~1.EXE > nul
3⤵
PID:4504

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\691CB7~1.EXE > nul
2⤵
PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\{2A572146-C6A0-4657-A8CA-2F3CCB1C8C03}.exe

Filesize
89KB

MD5
4e890b33766b4eb87c298665c3459fe3

SHA1
01f5cbfc982086379ca151a0a6f15641de91a9a1

SHA256
fab4af51bfebe3c91dcbe9940c5c609a4b9ee77f0e210ee8d60605b5ef9fb995

SHA512
60df19c28e924df49f59fd02907de8652fc0e26b058a3fe06f1638339558a54337a7678c8476cf50c16310e8701757fb23e324a2decc2a169e28a868ea3d413a

Download Submit
C:\Windows\{3305575A-ACC0-44d3-9DFF-2515A7B7C45D}.exe

Filesize
89KB

MD5
85e83a7bb3fcec0f208186669bef3385

SHA1
c7a8fc77eecec24bde24e98c2fb1286c4b150598

SHA256
0ec221fb41582564ab2063dab81429824c50fe4355dc0b4cd983f4412181af45

SHA512
6bced10f7e372de4ed7c33e04d6235a0fb993777b0f7cd50693d59afab09b477d77a532bae0106ca99e1bdd1342132114d6cb51214c05954e4a76fefe0927288

Download Submit
C:\Windows\{3EDDC05B-769C-4b3e-BA23-A051C4B50C82}.exe

Filesize
89KB

MD5
7696ee18c9c06be1831113c83c59f4e1

SHA1
4446865e9689010ae069c828a3b2ede9e6caee61

SHA256
d3a8450b90807b0e944ad4dc6c573f89a755156aae6e255b802e1e4569d81a4e

SHA512
8026feea56e5022c584261572e289906a76f2d446398226145afd9e7a931198a866cadd0e208dd9d54c650c68a1b7d7dfaed014546e399f77ceaa0457c3a76cf

Download Submit
C:\Windows\{4EA01F6A-59E7-4c5b-BC7D-F7AD5F6C7B27}.exe

Filesize
89KB

MD5
40c96a92b6b84c76bc1357faa093730f

SHA1
c7876533c45fb4f1ac850f2ceb2d05a200f5f03b

SHA256
0d78158e901cf1b026854f359709ad9313de286cc951a03bb8b7497f12d10454

SHA512
d4b40050c7abb333938b5987caf29668bbcf8efc059130575970ff4f7893f2c4aabe2fcea2946b7ce2357219177fecf0e90e8d93aef09ea206a1e571e88e0074

Download Submit
C:\Windows\{6AFD94B9-CE98-419e-B9BC-6A58F39654BD}.exe

Filesize
89KB

MD5
b150ef137c80417238d2dc21e7da8b3e

SHA1
e7810058898d8e88dcfc14178a8c16f9bac04b33

SHA256
c1d921186204262023aaaccb4bf83f323efdec5f48dab891206e9ca9b1b940ce

SHA512
564eccea75187e9356be4cbc7086bbc6fdad18644b89bda3ea9bd3dcbb9236e52b22abcad1e12b97014753fa24bb5e19b24308f1a71b971b833f240ff1f12912

Download Submit
C:\Windows\{6BA6BAAC-817F-43d5-9F5E-F7CAFFD7FE2D}.exe

Filesize
89KB

MD5
52284f5fdb212c908282e243501a7be7

SHA1
f04c1c52d69294740984a064e52daa6475c5c269

SHA256
0268ab2fddd8ac19f8a440c802e2c110e887254e67b20bc55546d53f12a18be1

SHA512
45679c9a7db22ed730a3951edff8eadec9fa6a0c1fbb4f36c6ca5fc1d532ee59a78dfb885d919786e6aa684f1c9737f751f9074f2ca0c1a1537683cdf570e0f1

Download Submit
C:\Windows\{B103222F-480C-46c8-AF54-9DC922C5AA95}.exe

Filesize
89KB

MD5
086f97956636cd290959e7b28dc75ab3

SHA1
4a9fc0e58beb716f1032e13e865161122687be47

SHA256
4d07db81b07b6d58f06d07a4a5da1e21317e3e7832e367bac0e920902d79cb06

SHA512
8539e8951c04ea30aa0e19330fc7a9fa42a30a99e82210cf1f3013a55fb0802965d233071502a7f8c13382983d66b03850e31dda9368751c770966a473de75ca

Download Submit
C:\Windows\{B2D273B8-FDDD-45b3-A0DD-0E70B59482EF}.exe

Filesize
89KB

MD5
1696c588cc6318bf405fbe5ab4ab7e72

SHA1
7fcf1cb839d171c9b7f38d2ea5a5f6c8a08aee34

SHA256
67330e6514cfd4599a734c83205ef39b4222f6ceaf8b2126c3d225163d2ca4cd

SHA512
010c3c367f7abfaa63930c819101a740436b9a65ceea19c2ed600c67085547d156eee5e25b7e717e1eb9cd1d23a073409fd07f3ca73c91a4c7ffb64f5b2a41b5

Download Submit
C:\Windows\{C80FAA43-BAB0-4172-9ED0-2E0829C6605C}.exe

Filesize
89KB

MD5
e7ad78ddd1d4cca1c12849ef42629160

SHA1
55e66a1eb421072c3011d8e78a12942506be0ef9

SHA256
b8cf9f551f49f102a6a899488563c7ca5bcc70dac7f33c7d45f1db046ee919f4

SHA512
60d15161a690a041be3f3687dfe40688a647fdb7a3e142ecd0feab398308eaef7c60cb80a420c71aa18ee7c107c48854b9ad7bcb1f9ff2d1fa31ca1f0e121baa

Download Submit
C:\Windows\{D5935C10-AABF-4264-A353-DFBE77795A7E}.exe

Filesize
89KB

MD5
f0d6a0f891f15dfb0b0baa60bbbbf516

SHA1
f6e51bf354c20624e2bb6dc2a5978d4a7f9051d9

SHA256
819e09d95df4836b318b302925cb64a931e75b8bfecf634d9fb76f21295bb48c

SHA512
f38f6e1c4267eaa2f22dd05ec9eefb3a3aa4fac2ce93f5dcc70fda54812a7551df8b81a1cf0cf2c8ad02770dac21eb876ebde3a1b860ce690ff91439a98a92e7

Download Submit
C:\Windows\{E0F0D3EC-E4B9-4ae0-9465-A618DAC08BE0}.exe

Filesize
89KB

MD5
e53614985e61c8283d15f6140387d533

SHA1
98d2ca70219ef8081da68ed12497e4c4dd0a3bf8

SHA256
0405d3e457d0ab38f3965655a924af2894dcf8d20ef7313d12de52646a67c847

SHA512
49a2f486c2aae33da45f9774f4f5aca3a43aaebd35b1edf95d87c91f3366f8a021b129b1b3c776e128e1ee8cf085cafe76fdba412de5013f1af8311967c83edc

Download Submit
C:\Windows\{E28CC931-2A4D-45ec-B3A2-D74381A2CE95}.exe

Filesize
89KB

MD5
a9e43f1e8b699d97059808fc39df58f6

SHA1
391b00f72ad9c07301b1a19806194ff7a07b1cde

SHA256
189994881cac8186cea119e57439344bee307604aec88c893bb895eb5a3e8e32

SHA512
d61346d15a31f8fbe237268ede83fffec9b8f5d76eae55be21e77f80d784eef13e4506308098674aac88a4e2f28865287fc60cf055641b0314808c8dfd1c96bc

Download Submit
memory/376-58-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/376-54-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/448-66-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/448-70-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/512-30-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/512-35-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/988-36-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/988-40-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1212-28-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1212-24-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/1992-72-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2276-47-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2276-52-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2900-5-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/2900-10-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3492-18-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3492-22-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3716-46-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3716-42-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3824-11-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/3824-17-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/4088-60-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/4088-65-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/4200-6-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download
memory/4200-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download