buer | 57b2efd438bf6c7eb64a4a2d454f215361e2f96ac4bd50284b89c64742bc307a

Resubmissions

05-09-2021 20:33

210905-zbxjmshgf2 10

05-09-2021 19:15

210905-xx8gxschcr 10

Analysis

max time kernel
152s
max time network
114s
platform
windows10_x64
resource
win10v20210408
submitted
05-09-2021 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
Size

188KB
MD5

590459b833a0d6846c570d35e7f3344d
SHA1

b095954830b51651520990b275220bf50cc89a4b
SHA256

57b2efd438bf6c7eb64a4a2d454f215361e2f96ac4bd50284b89c64742bc307a
SHA512

cac850af0eefa7d3aede5556f9b1d9ed0c70aebfd5518ac80a5966f7900cea32a76534ea303e6def62b1ec78a942622359be01562d7dbb9e44a7c74a2bac20c7

Score

10^/10

buer agilenet loader

Malware Config

Signatures

Buer
Buer is a new modular loader first seen in August 2019.
loader buer

Executes dropped EXE 2 IoCs

pid	Process
2628	moduleName.exe
1448	moduleName.exe

Loads dropped DLL 3 IoCs

pid	Process
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
2628	moduleName.exe
1448	moduleName.exe

Obfuscated with Agile.Net obfuscator 3 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral2/files/0x000100000001ab57-155.dat	agile_net
behavioral2/files/0x000100000001ab57-156.dat	agile_net
behavioral2/files/0x000100000001ab57-192.dat	agile_net

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 64 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
3980	schtasks.exe
492	schtasks.exe
2320	schtasks.exe
2040	schtasks.exe
2432	schtasks.exe
2124	schtasks.exe
3580	schtasks.exe
3748	schtasks.exe
684	schtasks.exe
2220	schtasks.exe
2372	schtasks.exe
3236	schtasks.exe
1276	schtasks.exe
2096	schtasks.exe
4072	schtasks.exe
2172	schtasks.exe
1152	schtasks.exe
2124	schtasks.exe
2912	schtasks.exe
1276	schtasks.exe
4012	schtasks.exe
3248	schtasks.exe
1296	schtasks.exe
3440	schtasks.exe
3032	schtasks.exe
3476	schtasks.exe
3252	schtasks.exe
2284	schtasks.exe
3304	schtasks.exe
1276	schtasks.exe
4088	schtasks.exe
3236	schtasks.exe
2472	schtasks.exe
2284	schtasks.exe
2288	schtasks.exe
2484	schtasks.exe
1516	schtasks.exe
2888	schtasks.exe
3752	schtasks.exe
2876	schtasks.exe
3888	schtasks.exe
684	schtasks.exe
3876	schtasks.exe
3440	schtasks.exe
2716	schtasks.exe
2112	schtasks.exe
2040	schtasks.exe
1660	schtasks.exe
3248	schtasks.exe
904	schtasks.exe
3580	schtasks.exe
2200	schtasks.exe
3544	schtasks.exe
696	schtasks.exe
3040	schtasks.exe
3040	schtasks.exe
1676	schtasks.exe
1876	schtasks.exe
3804	schtasks.exe
3808	schtasks.exe
2844	schtasks.exe
3692	schtasks.exe
2372	schtasks.exe
3036	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 3516	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	73
PID 808 wrote to memory of 3516	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	73
PID 808 wrote to memory of 3236	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	75
PID 808 wrote to memory of 3236	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	75
PID 808 wrote to memory of 2716	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	78
PID 808 wrote to memory of 2716	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	78
PID 808 wrote to memory of 2360	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	80
PID 808 wrote to memory of 2360	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	80
PID 808 wrote to memory of 1276	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	84
PID 808 wrote to memory of 1276	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	84
PID 808 wrote to memory of 3040	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	86
PID 808 wrote to memory of 3040	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	86
PID 808 wrote to memory of 1516	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	88
PID 808 wrote to memory of 1516	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	88
PID 808 wrote to memory of 4088	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	91
PID 808 wrote to memory of 4088	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	91
PID 808 wrote to memory of 4012	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	93
PID 808 wrote to memory of 4012	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	93
PID 808 wrote to memory of 2432	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	95
PID 808 wrote to memory of 2432	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	95
PID 808 wrote to memory of 2716	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	97
PID 808 wrote to memory of 2716	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	97
PID 808 wrote to memory of 940	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	99
PID 808 wrote to memory of 940	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	99
PID 808 wrote to memory of 2096	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	101
PID 808 wrote to memory of 2096	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	101
PID 808 wrote to memory of 3716	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	103
PID 808 wrote to memory of 3716	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	103
PID 808 wrote to memory of 2200	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	105
PID 808 wrote to memory of 2200	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	105
PID 808 wrote to memory of 3836	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	107
PID 808 wrote to memory of 3836	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	107
PID 808 wrote to memory of 1672	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	109
PID 808 wrote to memory of 1672	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	109
PID 808 wrote to memory of 2040	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	111
PID 808 wrote to memory of 2040	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	111
PID 808 wrote to memory of 3424	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	113
PID 808 wrote to memory of 3424	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	113
PID 808 wrote to memory of 4072	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	115
PID 808 wrote to memory of 4072	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	115
PID 808 wrote to memory of 2888	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	117
PID 808 wrote to memory of 2888	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	117
PID 808 wrote to memory of 3236	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	119
PID 808 wrote to memory of 3236	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	119
PID 808 wrote to memory of 2124	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	121
PID 808 wrote to memory of 2124	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	121
PID 808 wrote to memory of 1296	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	123
PID 808 wrote to memory of 1296	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	123
PID 808 wrote to memory of 3440	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	125
PID 808 wrote to memory of 3440	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	125
PID 808 wrote to memory of 3752	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	127
PID 808 wrote to memory of 3752	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	127
PID 808 wrote to memory of 2056	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	129
PID 808 wrote to memory of 2056	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	129
PID 808 wrote to memory of 3652	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	131
PID 808 wrote to memory of 3652	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	131
PID 808 wrote to memory of 3032	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	133
PID 808 wrote to memory of 3032	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	133
PID 808 wrote to memory of 3208	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	135
PID 808 wrote to memory of 3208	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	135
PID 808 wrote to memory of 3808	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	137
PID 808 wrote to memory of 3808	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	137
PID 808 wrote to memory of 3580	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	139
PID 808 wrote to memory of 3580	808	SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe	139

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.GenericKD.46929464.6664.11196.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:808
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:3516
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3236
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2716
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:2360
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:1276
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3040
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:1516
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:4088
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:4012
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2432
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:2716
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:940
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2096
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:3716
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2200
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:3836
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:1672
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2040
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:3424
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:4072
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2888
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3236
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2124
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:1296
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3440
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3752
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:2056
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:3652
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3032
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:3208
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3808
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3580
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2844
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:1448
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:2280
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:2484
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:1860
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:3820
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3980
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3748
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3544
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2876
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3888
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3476
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2172
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3252
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:1152
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2124
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:1676
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:3964
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:684
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:2200
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:1192
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:1876
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3876
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:492
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:508
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3580
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3804
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2912
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:1276
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2472
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3440
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:696
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:1660
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:684
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3692
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:740
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2372
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:368
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:736
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2284
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:916
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3248
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2220
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:2488
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2288
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3040
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:2060
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:696
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:1324
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:684
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2040
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2372
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:3376
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:212
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2284
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:2432
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3248
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:1448
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:1276
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2112
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3036
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:904
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2484
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:3304
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:1324
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  - Creates scheduled task(s)
  PID:2320
- C:\Windows\System32\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN Windows\Framework\MicrosoftSecurityEssentials /XML "C:\ProgramData\1A60FBA9DF6219524D38\task"
  2⤵
  PID:684

C:\ProgramData\1A60FBA9DF6219524D38\moduleName.exe
C:\ProgramData\1A60FBA9DF6219524D38\moduleName.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2628

C:\ProgramData\1A60FBA9DF6219524D38\moduleName.exe
C:\ProgramData\1A60FBA9DF6219524D38\moduleName.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1448

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/808-114-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/808-116-0x000000001B380000-0x000000001B382000-memory.dmp

Filesize
8KB

Download
memory/808-118-0x00007FFA109E0000-0x00007FFA10B0C000-memory.dmp

Filesize
1.2MB

Download
memory/1448-197-0x00007FFA109E0000-0x00007FFA10B0C000-memory.dmp

Filesize
1.2MB

Download
memory/1448-198-0x000000001B320000-0x000000001B322000-memory.dmp

Filesize
8KB

Download
memory/2628-163-0x000000001B180000-0x000000001B182000-memory.dmp

Filesize
8KB

Download
memory/2628-161-0x00007FFA109E0000-0x00007FFA10B0C000-memory.dmp

Filesize
1.2MB

Download