cobaltstrike | 9a24860c4a8c791a661373b8a30d2d723e5694b7ce500df24667c856807140b5

Analysis

max time kernel
31s
max time network
42s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22-09-2024 07:51

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

41428579072cebebf641f834b18fb265
SHA1

5fbe5e6f12135f1885fd4e9fefcd55d4efd13397
SHA256

9a24860c4a8c791a661373b8a30d2d723e5694b7ce500df24667c856807140b5
SHA512

14b6385a25ae20db70576d8f441b57bcb0db6f0958475d0ca6f8b8af12560aae300d3dc9622b18ef11ac33e924208c7deb7540390f649608005da3ddece7ba23
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0008000000023458-4.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002345c-10.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002345d-11.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002345e-25.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023459-33.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002345f-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023461-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023462-47.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023463-52.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023464-60.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023465-66.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023466-72.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023468-87.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023469-91.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023467-85.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002346a-102.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002346b-108.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002346c-116.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002346d-123.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002346e-131.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002346f-135.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023470-149.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023471-152.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023472-157.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023473-163.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023474-170.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023475-183.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023477-189.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023476-187.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023478-198.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023479-203.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002347b-206.dat	cobalt_reflective_dll
behavioral2/files/0x000700000002347c-211.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2980-0-0x00007FF6ED660000-0x00007FF6ED9B4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023458-4.dat	xmrig
behavioral2/memory/4360-8-0x00007FF7A7D20000-0x00007FF7A8074000-memory.dmp	xmrig
behavioral2/files/0x000700000002345c-10.dat	xmrig
behavioral2/memory/2828-12-0x00007FF7A5700000-0x00007FF7A5A54000-memory.dmp	xmrig
behavioral2/files/0x000700000002345d-11.dat	xmrig
behavioral2/files/0x000700000002345e-25.dat	xmrig
behavioral2/memory/1272-24-0x00007FF61EBA0000-0x00007FF61EEF4000-memory.dmp	xmrig
behavioral2/memory/4736-18-0x00007FF60E360000-0x00007FF60E6B4000-memory.dmp	xmrig
behavioral2/files/0x0008000000023459-33.dat	xmrig
behavioral2/memory/3004-34-0x00007FF609E80000-0x00007FF60A1D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002345f-35.dat	xmrig
behavioral2/memory/2580-30-0x00007FF796AD0000-0x00007FF796E24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023461-41.dat	xmrig
behavioral2/memory/3236-44-0x00007FF7C25D0000-0x00007FF7C2924000-memory.dmp	xmrig
behavioral2/files/0x0007000000023462-47.dat	xmrig
behavioral2/memory/2492-48-0x00007FF7A2E30000-0x00007FF7A3184000-memory.dmp	xmrig
behavioral2/files/0x0007000000023463-52.dat	xmrig
behavioral2/memory/2980-54-0x00007FF6ED660000-0x00007FF6ED9B4000-memory.dmp	xmrig
behavioral2/memory/4556-56-0x00007FF6757A0000-0x00007FF675AF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023464-60.dat	xmrig
behavioral2/memory/4360-63-0x00007FF7A7D20000-0x00007FF7A8074000-memory.dmp	xmrig
behavioral2/files/0x0007000000023465-66.dat	xmrig
behavioral2/memory/2828-68-0x00007FF7A5700000-0x00007FF7A5A54000-memory.dmp	xmrig
behavioral2/memory/1504-73-0x00007FF781290000-0x00007FF7815E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023466-72.dat	xmrig
behavioral2/memory/1784-67-0x00007FF722080000-0x00007FF7223D4000-memory.dmp	xmrig
behavioral2/memory/4736-74-0x00007FF60E360000-0x00007FF60E6B4000-memory.dmp	xmrig
behavioral2/memory/2072-75-0x00007FF78B5A0000-0x00007FF78B8F4000-memory.dmp	xmrig
behavioral2/memory/1672-86-0x00007FF76CF30000-0x00007FF76D284000-memory.dmp	xmrig
behavioral2/files/0x0007000000023468-87.dat	xmrig
behavioral2/files/0x0007000000023469-91.dat	xmrig
behavioral2/memory/1272-82-0x00007FF61EBA0000-0x00007FF61EEF4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023467-85.dat	xmrig
behavioral2/memory/2580-96-0x00007FF796AD0000-0x00007FF796E24000-memory.dmp	xmrig
behavioral2/memory/3004-99-0x00007FF609E80000-0x00007FF60A1D4000-memory.dmp	xmrig
behavioral2/files/0x000700000002346a-102.dat	xmrig
behavioral2/memory/3468-103-0x00007FF6FA620000-0x00007FF6FA974000-memory.dmp	xmrig
behavioral2/memory/4956-98-0x00007FF718BC0000-0x00007FF718F14000-memory.dmp	xmrig
behavioral2/memory/2000-97-0x00007FF7369E0000-0x00007FF736D34000-memory.dmp	xmrig
behavioral2/files/0x000700000002346b-108.dat	xmrig
behavioral2/memory/2492-110-0x00007FF7A2E30000-0x00007FF7A3184000-memory.dmp	xmrig
behavioral2/files/0x000700000002346c-116.dat	xmrig
behavioral2/memory/3332-118-0x00007FF687B80000-0x00007FF687ED4000-memory.dmp	xmrig
behavioral2/files/0x000700000002346d-123.dat	xmrig
behavioral2/memory/4556-122-0x00007FF6757A0000-0x00007FF675AF4000-memory.dmp	xmrig
behavioral2/files/0x000700000002346e-131.dat	xmrig
behavioral2/memory/4512-129-0x00007FF641F00000-0x00007FF642254000-memory.dmp	xmrig
behavioral2/memory/2708-126-0x00007FF65BFC0000-0x00007FF65C314000-memory.dmp	xmrig
behavioral2/memory/1504-124-0x00007FF781290000-0x00007FF7815E4000-memory.dmp	xmrig
behavioral2/memory/3856-117-0x00007FF6F75D0000-0x00007FF6F7924000-memory.dmp	xmrig
behavioral2/memory/3236-109-0x00007FF7C25D0000-0x00007FF7C2924000-memory.dmp	xmrig
behavioral2/files/0x000700000002346f-135.dat	xmrig
behavioral2/memory/2072-136-0x00007FF78B5A0000-0x00007FF78B8F4000-memory.dmp	xmrig
behavioral2/memory/3420-138-0x00007FF76B020000-0x00007FF76B374000-memory.dmp	xmrig
behavioral2/memory/1672-144-0x00007FF76CF30000-0x00007FF76D284000-memory.dmp	xmrig
behavioral2/files/0x0007000000023470-149.dat	xmrig
behavioral2/files/0x0007000000023471-152.dat	xmrig
behavioral2/memory/4084-151-0x00007FF6D0AA0000-0x00007FF6D0DF4000-memory.dmp	xmrig
behavioral2/memory/264-145-0x00007FF664A80000-0x00007FF664DD4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023472-157.dat	xmrig
behavioral2/memory/3468-159-0x00007FF6FA620000-0x00007FF6FA974000-memory.dmp	xmrig
behavioral2/files/0x0007000000023473-163.dat	xmrig
behavioral2/memory/436-165-0x00007FF612730000-0x00007FF612A84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4360	qXyOexV.exe
2828	iepJFpt.exe
4736	KyhZtHW.exe
1272	BIuSaaV.exe
2580	eAJNBwt.exe
3004	jCaNEKc.exe
3236	buLfhBO.exe
2492	PkcEdcQ.exe
4556	HJKVIgJ.exe
1784	kEHphxt.exe
1504	ELUsaRF.exe
2072	aXGIPoJ.exe
1672	kLHOZOE.exe
2000	GWWNBTk.exe
4956	imuPRvS.exe
3468	mFqqtTd.exe
3856	zvsmxSm.exe
3332	BDCpdJt.exe
2708	sLjwEKn.exe
4512	QYdOvOy.exe
3420	vrIlfOt.exe
264	gHVsfWz.exe
4084	qHyDcir.exe
1668	adcsypp.exe
436	YYmJJOa.exe
1524	BHMgYIJ.exe
448	LWedxzj.exe
3488	tBxNubn.exe
740	sTjSIWD.exe
4192	hdkMBOw.exe
1208	eioNJIM.exe
4684	Lwrzukp.exe
400	rZUILQu.exe
4756	HlqezUZ.exe
1752	LKinMom.exe
4732	vtMKHrh.exe
4912	qezDBEF.exe
2644	KuJvyID.exe
4888	oAKtkxP.exe
1196	gqFUZPX.exe
4904	rtkGvNO.exe
2176	CKsGRVb.exe
2408	xyqpZTX.exe
3912	SGMOgDe.exe
1056	PocHBHB.exe
2016	kqIIZqj.exe
4812	jlkzrTq.exe
1108	qWlITwU.exe
1628	hrzKkYX.exe
384	LZmCejJ.exe
4916	DPRXyvz.exe
3116	nkYNfrP.exe
4304	QxtUyLQ.exe
3200	IRBIebZ.exe
4628	HyrNZfd.exe
2588	paKztzU.exe
4544	HoopoiN.exe
1472	EXHONII.exe
1408	NsGeCkn.exe
4068	oXHVwyP.exe
220	gLQvDOv.exe
336	sOwoLuX.exe
1004	kjjXRAM.exe
4140	nuijPFi.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2980-0-0x00007FF6ED660000-0x00007FF6ED9B4000-memory.dmp	upx
behavioral2/files/0x0008000000023458-4.dat	upx
behavioral2/memory/4360-8-0x00007FF7A7D20000-0x00007FF7A8074000-memory.dmp	upx
behavioral2/files/0x000700000002345c-10.dat	upx
behavioral2/memory/2828-12-0x00007FF7A5700000-0x00007FF7A5A54000-memory.dmp	upx
behavioral2/files/0x000700000002345d-11.dat	upx
behavioral2/files/0x000700000002345e-25.dat	upx
behavioral2/memory/1272-24-0x00007FF61EBA0000-0x00007FF61EEF4000-memory.dmp	upx
behavioral2/memory/4736-18-0x00007FF60E360000-0x00007FF60E6B4000-memory.dmp	upx
behavioral2/files/0x0008000000023459-33.dat	upx
behavioral2/memory/3004-34-0x00007FF609E80000-0x00007FF60A1D4000-memory.dmp	upx
behavioral2/files/0x000700000002345f-35.dat	upx
behavioral2/memory/2580-30-0x00007FF796AD0000-0x00007FF796E24000-memory.dmp	upx
behavioral2/files/0x0007000000023461-41.dat	upx
behavioral2/memory/3236-44-0x00007FF7C25D0000-0x00007FF7C2924000-memory.dmp	upx
behavioral2/files/0x0007000000023462-47.dat	upx
behavioral2/memory/2492-48-0x00007FF7A2E30000-0x00007FF7A3184000-memory.dmp	upx
behavioral2/files/0x0007000000023463-52.dat	upx
behavioral2/memory/2980-54-0x00007FF6ED660000-0x00007FF6ED9B4000-memory.dmp	upx
behavioral2/memory/4556-56-0x00007FF6757A0000-0x00007FF675AF4000-memory.dmp	upx
behavioral2/files/0x0007000000023464-60.dat	upx
behavioral2/memory/4360-63-0x00007FF7A7D20000-0x00007FF7A8074000-memory.dmp	upx
behavioral2/files/0x0007000000023465-66.dat	upx
behavioral2/memory/2828-68-0x00007FF7A5700000-0x00007FF7A5A54000-memory.dmp	upx
behavioral2/memory/1504-73-0x00007FF781290000-0x00007FF7815E4000-memory.dmp	upx
behavioral2/files/0x0007000000023466-72.dat	upx
behavioral2/memory/1784-67-0x00007FF722080000-0x00007FF7223D4000-memory.dmp	upx
behavioral2/memory/4736-74-0x00007FF60E360000-0x00007FF60E6B4000-memory.dmp	upx
behavioral2/memory/2072-75-0x00007FF78B5A0000-0x00007FF78B8F4000-memory.dmp	upx
behavioral2/memory/1672-86-0x00007FF76CF30000-0x00007FF76D284000-memory.dmp	upx
behavioral2/files/0x0007000000023468-87.dat	upx
behavioral2/files/0x0007000000023469-91.dat	upx
behavioral2/memory/1272-82-0x00007FF61EBA0000-0x00007FF61EEF4000-memory.dmp	upx
behavioral2/files/0x0007000000023467-85.dat	upx
behavioral2/memory/2580-96-0x00007FF796AD0000-0x00007FF796E24000-memory.dmp	upx
behavioral2/memory/3004-99-0x00007FF609E80000-0x00007FF60A1D4000-memory.dmp	upx
behavioral2/files/0x000700000002346a-102.dat	upx
behavioral2/memory/3468-103-0x00007FF6FA620000-0x00007FF6FA974000-memory.dmp	upx
behavioral2/memory/4956-98-0x00007FF718BC0000-0x00007FF718F14000-memory.dmp	upx
behavioral2/memory/2000-97-0x00007FF7369E0000-0x00007FF736D34000-memory.dmp	upx
behavioral2/files/0x000700000002346b-108.dat	upx
behavioral2/memory/2492-110-0x00007FF7A2E30000-0x00007FF7A3184000-memory.dmp	upx
behavioral2/files/0x000700000002346c-116.dat	upx
behavioral2/memory/3332-118-0x00007FF687B80000-0x00007FF687ED4000-memory.dmp	upx
behavioral2/files/0x000700000002346d-123.dat	upx
behavioral2/memory/4556-122-0x00007FF6757A0000-0x00007FF675AF4000-memory.dmp	upx
behavioral2/files/0x000700000002346e-131.dat	upx
behavioral2/memory/4512-129-0x00007FF641F00000-0x00007FF642254000-memory.dmp	upx
behavioral2/memory/2708-126-0x00007FF65BFC0000-0x00007FF65C314000-memory.dmp	upx
behavioral2/memory/1504-124-0x00007FF781290000-0x00007FF7815E4000-memory.dmp	upx
behavioral2/memory/3856-117-0x00007FF6F75D0000-0x00007FF6F7924000-memory.dmp	upx
behavioral2/memory/3236-109-0x00007FF7C25D0000-0x00007FF7C2924000-memory.dmp	upx
behavioral2/files/0x000700000002346f-135.dat	upx
behavioral2/memory/2072-136-0x00007FF78B5A0000-0x00007FF78B8F4000-memory.dmp	upx
behavioral2/memory/3420-138-0x00007FF76B020000-0x00007FF76B374000-memory.dmp	upx
behavioral2/memory/1672-144-0x00007FF76CF30000-0x00007FF76D284000-memory.dmp	upx
behavioral2/files/0x0007000000023470-149.dat	upx
behavioral2/files/0x0007000000023471-152.dat	upx
behavioral2/memory/4084-151-0x00007FF6D0AA0000-0x00007FF6D0DF4000-memory.dmp	upx
behavioral2/memory/264-145-0x00007FF664A80000-0x00007FF664DD4000-memory.dmp	upx
behavioral2/files/0x0007000000023472-157.dat	upx
behavioral2/memory/3468-159-0x00007FF6FA620000-0x00007FF6FA974000-memory.dmp	upx
behavioral2/files/0x0007000000023473-163.dat	upx
behavioral2/memory/436-165-0x00007FF612730000-0x00007FF612A84000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\SqiItRW.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oWHZNuk.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGoZUVN.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\febHgJp.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIuSaaV.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCaNEKc.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjYhGsr.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GzZzsOe.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBNgZTv.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGerraJ.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\whIfxYm.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzWWkOu.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qvHJqWN.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXyOexV.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWWNBTk.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZmCejJ.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjTrfEC.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjdGYCk.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xArBCjq.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkcEdcQ.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHBBsLy.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtjDVti.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RsyvlgJ.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asBUHwD.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNFGYga.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\njgUWrI.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKqukUk.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWDkusl.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYmJJOa.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vtMKHrh.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rtkGvNO.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\buLfhBO.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isuhmjR.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CEMqMsv.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlzQTTm.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXHONII.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJRFOvO.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCXckqH.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEHphxt.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MfetTSe.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdudzUD.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYffXtQ.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWCWnQE.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGMOgDe.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDlyCVQ.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxjMYld.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxLmGEO.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiMaGJh.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\segIUCZ.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxotCGR.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAkcMxR.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHyDcir.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNZQtMB.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EYZHxnd.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FieLcgV.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHQSgNL.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idpwxYS.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsGeCkn.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAvgVQQ.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyDkVjM.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekTWdtZ.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAKtkxP.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HDgsAmL.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwNdiPH.exe	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 4360	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 2980 wrote to memory of 4360	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 2980 wrote to memory of 2828	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2980 wrote to memory of 2828	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 2980 wrote to memory of 4736	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2980 wrote to memory of 4736	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 2980 wrote to memory of 1272	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2980 wrote to memory of 1272	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 2980 wrote to memory of 2580	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2980 wrote to memory of 2580	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 2980 wrote to memory of 3004	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2980 wrote to memory of 3004	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 2980 wrote to memory of 3236	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2980 wrote to memory of 3236	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 2980 wrote to memory of 2492	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2980 wrote to memory of 2492	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 2980 wrote to memory of 4556	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2980 wrote to memory of 4556	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 2980 wrote to memory of 1784	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2980 wrote to memory of 1784	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 2980 wrote to memory of 1504	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2980 wrote to memory of 1504	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 2980 wrote to memory of 2072	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2980 wrote to memory of 2072	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 2980 wrote to memory of 1672	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2980 wrote to memory of 1672	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 2980 wrote to memory of 2000	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2980 wrote to memory of 2000	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 2980 wrote to memory of 4956	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2980 wrote to memory of 4956	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 2980 wrote to memory of 3468	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2980 wrote to memory of 3468	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 2980 wrote to memory of 3856	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2980 wrote to memory of 3856	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 2980 wrote to memory of 3332	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2980 wrote to memory of 3332	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 2980 wrote to memory of 2708	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2980 wrote to memory of 2708	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 2980 wrote to memory of 4512	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2980 wrote to memory of 4512	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 2980 wrote to memory of 3420	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2980 wrote to memory of 3420	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 2980 wrote to memory of 264	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2980 wrote to memory of 264	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 2980 wrote to memory of 4084	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2980 wrote to memory of 4084	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 2980 wrote to memory of 1668	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2980 wrote to memory of 1668	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 2980 wrote to memory of 436	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2980 wrote to memory of 436	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 2980 wrote to memory of 1524	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2980 wrote to memory of 1524	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 2980 wrote to memory of 448	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2980 wrote to memory of 448	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 2980 wrote to memory of 3488	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2980 wrote to memory of 3488	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 2980 wrote to memory of 740	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2980 wrote to memory of 740	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 2980 wrote to memory of 4192	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2980 wrote to memory of 4192	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 2980 wrote to memory of 1208	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 2980 wrote to memory of 1208	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	116
PID 2980 wrote to memory of 4684	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	118
PID 2980 wrote to memory of 4684	2980	2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe	118

C:\Users\Admin\AppData\Local\Temp\2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_41428579072cebebf641f834b18fb265_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\System\qXyOexV.exe
  C:\Windows\System\qXyOexV.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\iepJFpt.exe
  C:\Windows\System\iepJFpt.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\KyhZtHW.exe
  C:\Windows\System\KyhZtHW.exe
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\System\BIuSaaV.exe
  C:\Windows\System\BIuSaaV.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\eAJNBwt.exe
  C:\Windows\System\eAJNBwt.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\jCaNEKc.exe
  C:\Windows\System\jCaNEKc.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\buLfhBO.exe
  C:\Windows\System\buLfhBO.exe
  2⤵
  - Executes dropped EXE
  PID:3236
- C:\Windows\System\PkcEdcQ.exe
  C:\Windows\System\PkcEdcQ.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\HJKVIgJ.exe
  C:\Windows\System\HJKVIgJ.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\kEHphxt.exe
  C:\Windows\System\kEHphxt.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ELUsaRF.exe
  C:\Windows\System\ELUsaRF.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\aXGIPoJ.exe
  C:\Windows\System\aXGIPoJ.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\kLHOZOE.exe
  C:\Windows\System\kLHOZOE.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\GWWNBTk.exe
  C:\Windows\System\GWWNBTk.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\imuPRvS.exe
  C:\Windows\System\imuPRvS.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\mFqqtTd.exe
  C:\Windows\System\mFqqtTd.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\zvsmxSm.exe
  C:\Windows\System\zvsmxSm.exe
  2⤵
  - Executes dropped EXE
  PID:3856
- C:\Windows\System\BDCpdJt.exe
  C:\Windows\System\BDCpdJt.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\sLjwEKn.exe
  C:\Windows\System\sLjwEKn.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\QYdOvOy.exe
  C:\Windows\System\QYdOvOy.exe
  2⤵
  - Executes dropped EXE
  PID:4512
- C:\Windows\System\vrIlfOt.exe
  C:\Windows\System\vrIlfOt.exe
  2⤵
  - Executes dropped EXE
  PID:3420
- C:\Windows\System\gHVsfWz.exe
  C:\Windows\System\gHVsfWz.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\qHyDcir.exe
  C:\Windows\System\qHyDcir.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\adcsypp.exe
  C:\Windows\System\adcsypp.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\YYmJJOa.exe
  C:\Windows\System\YYmJJOa.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\BHMgYIJ.exe
  C:\Windows\System\BHMgYIJ.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\LWedxzj.exe
  C:\Windows\System\LWedxzj.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\tBxNubn.exe
  C:\Windows\System\tBxNubn.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\sTjSIWD.exe
  C:\Windows\System\sTjSIWD.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\hdkMBOw.exe
  C:\Windows\System\hdkMBOw.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\eioNJIM.exe
  C:\Windows\System\eioNJIM.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\Lwrzukp.exe
  C:\Windows\System\Lwrzukp.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\rZUILQu.exe
  C:\Windows\System\rZUILQu.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\HlqezUZ.exe
  C:\Windows\System\HlqezUZ.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\LKinMom.exe
  C:\Windows\System\LKinMom.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\vtMKHrh.exe
  C:\Windows\System\vtMKHrh.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\qezDBEF.exe
  C:\Windows\System\qezDBEF.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\KuJvyID.exe
  C:\Windows\System\KuJvyID.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\oAKtkxP.exe
  C:\Windows\System\oAKtkxP.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\gqFUZPX.exe
  C:\Windows\System\gqFUZPX.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\rtkGvNO.exe
  C:\Windows\System\rtkGvNO.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\CKsGRVb.exe
  C:\Windows\System\CKsGRVb.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\xyqpZTX.exe
  C:\Windows\System\xyqpZTX.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\SGMOgDe.exe
  C:\Windows\System\SGMOgDe.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\PocHBHB.exe
  C:\Windows\System\PocHBHB.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\kqIIZqj.exe
  C:\Windows\System\kqIIZqj.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\jlkzrTq.exe
  C:\Windows\System\jlkzrTq.exe
  2⤵
  - Executes dropped EXE
  PID:4812
- C:\Windows\System\qWlITwU.exe
  C:\Windows\System\qWlITwU.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\hrzKkYX.exe
  C:\Windows\System\hrzKkYX.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\LZmCejJ.exe
  C:\Windows\System\LZmCejJ.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\DPRXyvz.exe
  C:\Windows\System\DPRXyvz.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\nkYNfrP.exe
  C:\Windows\System\nkYNfrP.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\QxtUyLQ.exe
  C:\Windows\System\QxtUyLQ.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\IRBIebZ.exe
  C:\Windows\System\IRBIebZ.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\HyrNZfd.exe
  C:\Windows\System\HyrNZfd.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\paKztzU.exe
  C:\Windows\System\paKztzU.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\HoopoiN.exe
  C:\Windows\System\HoopoiN.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\EXHONII.exe
  C:\Windows\System\EXHONII.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\NsGeCkn.exe
  C:\Windows\System\NsGeCkn.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\oXHVwyP.exe
  C:\Windows\System\oXHVwyP.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\gLQvDOv.exe
  C:\Windows\System\gLQvDOv.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\sOwoLuX.exe
  C:\Windows\System\sOwoLuX.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\kjjXRAM.exe
  C:\Windows\System\kjjXRAM.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\nuijPFi.exe
  C:\Windows\System\nuijPFi.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\elYbkZY.exe
  C:\Windows\System\elYbkZY.exe
  2⤵
  PID:3812
- C:\Windows\System\segIUCZ.exe
  C:\Windows\System\segIUCZ.exe
  2⤵
  PID:2476
- C:\Windows\System\cNULhYF.exe
  C:\Windows\System\cNULhYF.exe
  2⤵
  PID:5040
- C:\Windows\System\HDgsAmL.exe
  C:\Windows\System\HDgsAmL.exe
  2⤵
  PID:1812
- C:\Windows\System\ldwuAGA.exe
  C:\Windows\System\ldwuAGA.exe
  2⤵
  PID:2020
- C:\Windows\System\vrGitlX.exe
  C:\Windows\System\vrGitlX.exe
  2⤵
  PID:4436
- C:\Windows\System\dTfjZPp.exe
  C:\Windows\System\dTfjZPp.exe
  2⤵
  PID:4132
- C:\Windows\System\xQajiCE.exe
  C:\Windows\System\xQajiCE.exe
  2⤵
  PID:4284
- C:\Windows\System\bVZBfZU.exe
  C:\Windows\System\bVZBfZU.exe
  2⤵
  PID:3972
- C:\Windows\System\ezuKtMZ.exe
  C:\Windows\System\ezuKtMZ.exe
  2⤵
  PID:1012
- C:\Windows\System\SSPCOmD.exe
  C:\Windows\System\SSPCOmD.exe
  2⤵
  PID:1040
- C:\Windows\System\fOInNco.exe
  C:\Windows\System\fOInNco.exe
  2⤵
  PID:5112
- C:\Windows\System\KHBBsLy.exe
  C:\Windows\System\KHBBsLy.exe
  2⤵
  PID:3080
- C:\Windows\System\toaxSYj.exe
  C:\Windows\System\toaxSYj.exe
  2⤵
  PID:4728
- C:\Windows\System\xwOxLpw.exe
  C:\Windows\System\xwOxLpw.exe
  2⤵
  PID:1060
- C:\Windows\System\GnTypQX.exe
  C:\Windows\System\GnTypQX.exe
  2⤵
  PID:2712
- C:\Windows\System\SERNxRG.exe
  C:\Windows\System\SERNxRG.exe
  2⤵
  PID:1568
- C:\Windows\System\MzWWkOu.exe
  C:\Windows\System\MzWWkOu.exe
  2⤵
  PID:944
- C:\Windows\System\qDlyCVQ.exe
  C:\Windows\System\qDlyCVQ.exe
  2⤵
  PID:1516
- C:\Windows\System\zAvgVQQ.exe
  C:\Windows\System\zAvgVQQ.exe
  2⤵
  PID:1164
- C:\Windows\System\fDYLtTD.exe
  C:\Windows\System\fDYLtTD.exe
  2⤵
  PID:3392
- C:\Windows\System\HHJzFMb.exe
  C:\Windows\System\HHJzFMb.exe
  2⤵
  PID:4868
- C:\Windows\System\kkvenwZ.exe
  C:\Windows\System\kkvenwZ.exe
  2⤵
  PID:2656
- C:\Windows\System\ddclXQu.exe
  C:\Windows\System\ddclXQu.exe
  2⤵
  PID:1916
- C:\Windows\System\nMCZvAA.exe
  C:\Windows\System\nMCZvAA.exe
  2⤵
  PID:1376
- C:\Windows\System\SqiItRW.exe
  C:\Windows\System\SqiItRW.exe
  2⤵
  PID:924
- C:\Windows\System\IycOiVf.exe
  C:\Windows\System\IycOiVf.exe
  2⤵
  PID:2324
- C:\Windows\System\qYDrzIs.exe
  C:\Windows\System\qYDrzIs.exe
  2⤵
  PID:4948
- C:\Windows\System\PfXvHfk.exe
  C:\Windows\System\PfXvHfk.exe
  2⤵
  PID:3816
- C:\Windows\System\UXZXUbV.exe
  C:\Windows\System\UXZXUbV.exe
  2⤵
  PID:4440
- C:\Windows\System\oWHZNuk.exe
  C:\Windows\System\oWHZNuk.exe
  2⤵
  PID:3784
- C:\Windows\System\jNZQtMB.exe
  C:\Windows\System\jNZQtMB.exe
  2⤵
  PID:544
- C:\Windows\System\rzbjSYf.exe
  C:\Windows\System\rzbjSYf.exe
  2⤵
  PID:5060
- C:\Windows\System\lCCMrLc.exe
  C:\Windows\System\lCCMrLc.exe
  2⤵
  PID:2804
- C:\Windows\System\eyDkVjM.exe
  C:\Windows\System\eyDkVjM.exe
  2⤵
  PID:2152
- C:\Windows\System\RsyvlgJ.exe
  C:\Windows\System\RsyvlgJ.exe
  2⤵
  PID:2604
- C:\Windows\System\oeeFEuQ.exe
  C:\Windows\System\oeeFEuQ.exe
  2⤵
  PID:5132
- C:\Windows\System\nqOKMck.exe
  C:\Windows\System\nqOKMck.exe
  2⤵
  PID:5164
- C:\Windows\System\MfetTSe.exe
  C:\Windows\System\MfetTSe.exe
  2⤵
  PID:5188
- C:\Windows\System\XzFlULy.exe
  C:\Windows\System\XzFlULy.exe
  2⤵
  PID:5216
- C:\Windows\System\ZACfdVV.exe
  C:\Windows\System\ZACfdVV.exe
  2⤵
  PID:5248
- C:\Windows\System\sHucmYU.exe
  C:\Windows\System\sHucmYU.exe
  2⤵
  PID:5276
- C:\Windows\System\qYdPaTN.exe
  C:\Windows\System\qYdPaTN.exe
  2⤵
  PID:5304
- C:\Windows\System\VLdZtaw.exe
  C:\Windows\System\VLdZtaw.exe
  2⤵
  PID:5332
- C:\Windows\System\uxotCGR.exe
  C:\Windows\System\uxotCGR.exe
  2⤵
  PID:5360
- C:\Windows\System\QKUYMRF.exe
  C:\Windows\System\QKUYMRF.exe
  2⤵
  PID:5388
- C:\Windows\System\uSEDrGt.exe
  C:\Windows\System\uSEDrGt.exe
  2⤵
  PID:5420
- C:\Windows\System\MrGuIsy.exe
  C:\Windows\System\MrGuIsy.exe
  2⤵
  PID:5456
- C:\Windows\System\EYZHxnd.exe
  C:\Windows\System\EYZHxnd.exe
  2⤵
  PID:5528
- C:\Windows\System\sOcHHuA.exe
  C:\Windows\System\sOcHHuA.exe
  2⤵
  PID:5576
- C:\Windows\System\mwNdiPH.exe
  C:\Windows\System\mwNdiPH.exe
  2⤵
  PID:5636
- C:\Windows\System\uUnWRKn.exe
  C:\Windows\System\uUnWRKn.exe
  2⤵
  PID:5672
- C:\Windows\System\HUIMYjm.exe
  C:\Windows\System\HUIMYjm.exe
  2⤵
  PID:5688
- C:\Windows\System\bdZJqyc.exe
  C:\Windows\System\bdZJqyc.exe
  2⤵
  PID:5736
- C:\Windows\System\HdudzUD.exe
  C:\Windows\System\HdudzUD.exe
  2⤵
  PID:5772
- C:\Windows\System\lOLbMrz.exe
  C:\Windows\System\lOLbMrz.exe
  2⤵
  PID:5800
- C:\Windows\System\Uyelpnn.exe
  C:\Windows\System\Uyelpnn.exe
  2⤵
  PID:5828
- C:\Windows\System\kGEQXYa.exe
  C:\Windows\System\kGEQXYa.exe
  2⤵
  PID:5856
- C:\Windows\System\JbwUbWn.exe
  C:\Windows\System\JbwUbWn.exe
  2⤵
  PID:5884
- C:\Windows\System\zYffXtQ.exe
  C:\Windows\System\zYffXtQ.exe
  2⤵
  PID:5912
- C:\Windows\System\FHJYoEL.exe
  C:\Windows\System\FHJYoEL.exe
  2⤵
  PID:5936
- C:\Windows\System\pGYXVdY.exe
  C:\Windows\System\pGYXVdY.exe
  2⤵
  PID:5972
- C:\Windows\System\qvHJqWN.exe
  C:\Windows\System\qvHJqWN.exe
  2⤵
  PID:5996
- C:\Windows\System\LZnuekD.exe
  C:\Windows\System\LZnuekD.exe
  2⤵
  PID:6028
- C:\Windows\System\uPDItFy.exe
  C:\Windows\System\uPDItFy.exe
  2⤵
  PID:6052
- C:\Windows\System\jJRFOvO.exe
  C:\Windows\System\jJRFOvO.exe
  2⤵
  PID:6092
- C:\Windows\System\FieLcgV.exe
  C:\Windows\System\FieLcgV.exe
  2⤵
  PID:6116
- C:\Windows\System\hWCWnQE.exe
  C:\Windows\System\hWCWnQE.exe
  2⤵
  PID:5124
- C:\Windows\System\yZjFzoc.exe
  C:\Windows\System\yZjFzoc.exe
  2⤵
  PID:5200
- C:\Windows\System\wAkcMxR.exe
  C:\Windows\System\wAkcMxR.exe
  2⤵
  PID:5256
- C:\Windows\System\zgNsUWz.exe
  C:\Windows\System\zgNsUWz.exe
  2⤵
  PID:5324
- C:\Windows\System\cOwjUId.exe
  C:\Windows\System\cOwjUId.exe
  2⤵
  PID:5416
- C:\Windows\System\ydSjgRH.exe
  C:\Windows\System\ydSjgRH.exe
  2⤵
  PID:5520
- C:\Windows\System\jjYhGsr.exe
  C:\Windows\System\jjYhGsr.exe
  2⤵
  PID:5648
- C:\Windows\System\nXqWLeK.exe
  C:\Windows\System\nXqWLeK.exe
  2⤵
  PID:5708
- C:\Windows\System\MdnjZih.exe
  C:\Windows\System\MdnjZih.exe
  2⤵
  PID:5784
- C:\Windows\System\WivjrAM.exe
  C:\Windows\System\WivjrAM.exe
  2⤵
  PID:5852
- C:\Windows\System\nGoZUVN.exe
  C:\Windows\System\nGoZUVN.exe
  2⤵
  PID:5896
- C:\Windows\System\UxjMYld.exe
  C:\Windows\System\UxjMYld.exe
  2⤵
  PID:5968
- C:\Windows\System\srGgOsu.exe
  C:\Windows\System\srGgOsu.exe
  2⤵
  PID:6040
- C:\Windows\System\dAsILdK.exe
  C:\Windows\System\dAsILdK.exe
  2⤵
  PID:6100
- C:\Windows\System\KFRfLKT.exe
  C:\Windows\System\KFRfLKT.exe
  2⤵
  PID:5196
- C:\Windows\System\aBvHvbT.exe
  C:\Windows\System\aBvHvbT.exe
  2⤵
  PID:5380
- C:\Windows\System\KYLPYgN.exe
  C:\Windows\System\KYLPYgN.exe
  2⤵
  PID:5560
- C:\Windows\System\wlLovzG.exe
  C:\Windows\System\wlLovzG.exe
  2⤵
  PID:5808
- C:\Windows\System\LXtPxQj.exe
  C:\Windows\System\LXtPxQj.exe
  2⤵
  PID:5932
- C:\Windows\System\VNFGYga.exe
  C:\Windows\System\VNFGYga.exe
  2⤵
  PID:6048
- C:\Windows\System\mCXckqH.exe
  C:\Windows\System\mCXckqH.exe
  2⤵
  PID:5372
- C:\Windows\System\rAXxqQC.exe
  C:\Windows\System\rAXxqQC.exe
  2⤵
  PID:5664
- C:\Windows\System\dvnIPpV.exe
  C:\Windows\System\dvnIPpV.exe
  2⤵
  PID:6128
- C:\Windows\System\fHBlUWr.exe
  C:\Windows\System\fHBlUWr.exe
  2⤵
  PID:5228
- C:\Windows\System\bXriVWJ.exe
  C:\Windows\System\bXriVWJ.exe
  2⤵
  PID:5240
- C:\Windows\System\htmwWvz.exe
  C:\Windows\System\htmwWvz.exe
  2⤵
  PID:6164
- C:\Windows\System\OtjDVti.exe
  C:\Windows\System\OtjDVti.exe
  2⤵
  PID:6204
- C:\Windows\System\SSQmzRP.exe
  C:\Windows\System\SSQmzRP.exe
  2⤵
  PID:6232
- C:\Windows\System\eDBsFTT.exe
  C:\Windows\System\eDBsFTT.exe
  2⤵
  PID:6260
- C:\Windows\System\rASSQpm.exe
  C:\Windows\System\rASSQpm.exe
  2⤵
  PID:6288
- C:\Windows\System\ShhdoKU.exe
  C:\Windows\System\ShhdoKU.exe
  2⤵
  PID:6344
- C:\Windows\System\UwvgOBW.exe
  C:\Windows\System\UwvgOBW.exe
  2⤵
  PID:6376
- C:\Windows\System\njgUWrI.exe
  C:\Windows\System\njgUWrI.exe
  2⤵
  PID:6404
- C:\Windows\System\MREtbTZ.exe
  C:\Windows\System\MREtbTZ.exe
  2⤵
  PID:6420
- C:\Windows\System\zHQSgNL.exe
  C:\Windows\System\zHQSgNL.exe
  2⤵
  PID:6436
- C:\Windows\System\wKqukUk.exe
  C:\Windows\System\wKqukUk.exe
  2⤵
  PID:6492
- C:\Windows\System\wiphQbu.exe
  C:\Windows\System\wiphQbu.exe
  2⤵
  PID:6516
- C:\Windows\System\aBNgZTv.exe
  C:\Windows\System\aBNgZTv.exe
  2⤵
  PID:6536
- C:\Windows\System\jPgFWHO.exe
  C:\Windows\System\jPgFWHO.exe
  2⤵
  PID:6584
- C:\Windows\System\isuhmjR.exe
  C:\Windows\System\isuhmjR.exe
  2⤵
  PID:6612
- C:\Windows\System\cTbJcnG.exe
  C:\Windows\System\cTbJcnG.exe
  2⤵
  PID:6644
- C:\Windows\System\TQjWQQO.exe
  C:\Windows\System\TQjWQQO.exe
  2⤵
  PID:6672
- C:\Windows\System\BeAkOiu.exe
  C:\Windows\System\BeAkOiu.exe
  2⤵
  PID:6712
- C:\Windows\System\dzioFvY.exe
  C:\Windows\System\dzioFvY.exe
  2⤵
  PID:6736
- C:\Windows\System\RiphwoS.exe
  C:\Windows\System\RiphwoS.exe
  2⤵
  PID:6776
- C:\Windows\System\fxnJggK.exe
  C:\Windows\System\fxnJggK.exe
  2⤵
  PID:6812
- C:\Windows\System\igBSgMY.exe
  C:\Windows\System\igBSgMY.exe
  2⤵
  PID:6836
- C:\Windows\System\MbQBBXk.exe
  C:\Windows\System\MbQBBXk.exe
  2⤵
  PID:6868
- C:\Windows\System\ZYXvliS.exe
  C:\Windows\System\ZYXvliS.exe
  2⤵
  PID:6892
- C:\Windows\System\MxLmGEO.exe
  C:\Windows\System\MxLmGEO.exe
  2⤵
  PID:6920
- C:\Windows\System\SdOfQKt.exe
  C:\Windows\System\SdOfQKt.exe
  2⤵
  PID:6952
- C:\Windows\System\DIPxTfb.exe
  C:\Windows\System\DIPxTfb.exe
  2⤵
  PID:6984
- C:\Windows\System\YUwKjHv.exe
  C:\Windows\System\YUwKjHv.exe
  2⤵
  PID:7008
- C:\Windows\System\OjdGYCk.exe
  C:\Windows\System\OjdGYCk.exe
  2⤵
  PID:7040
- C:\Windows\System\idpwxYS.exe
  C:\Windows\System\idpwxYS.exe
  2⤵
  PID:7068
- C:\Windows\System\LDIxtjw.exe
  C:\Windows\System\LDIxtjw.exe
  2⤵
  PID:7092
- C:\Windows\System\CAOrFyf.exe
  C:\Windows\System\CAOrFyf.exe
  2⤵
  PID:7120
- C:\Windows\System\nKqbKzA.exe
  C:\Windows\System\nKqbKzA.exe
  2⤵
  PID:7152
- C:\Windows\System\JZMDdTY.exe
  C:\Windows\System\JZMDdTY.exe
  2⤵
  PID:6160
- C:\Windows\System\YvwoVyO.exe
  C:\Windows\System\YvwoVyO.exe
  2⤵
  PID:6212
- C:\Windows\System\gunXVzS.exe
  C:\Windows\System\gunXVzS.exe
  2⤵
  PID:6284
- C:\Windows\System\CEMqMsv.exe
  C:\Windows\System\CEMqMsv.exe
  2⤵
  PID:6384
- C:\Windows\System\dIleSft.exe
  C:\Windows\System\dIleSft.exe
  2⤵
  PID:6456
- C:\Windows\System\cwEiQIm.exe
  C:\Windows\System\cwEiQIm.exe
  2⤵
  PID:6500
- C:\Windows\System\rZVmNUN.exe
  C:\Windows\System\rZVmNUN.exe
  2⤵
  PID:6560
- C:\Windows\System\xiMaGJh.exe
  C:\Windows\System\xiMaGJh.exe
  2⤵
  PID:6624
- C:\Windows\System\soOOxga.exe
  C:\Windows\System\soOOxga.exe
  2⤵
  PID:6592
- C:\Windows\System\hdIxwHZ.exe
  C:\Windows\System\hdIxwHZ.exe
  2⤵
  PID:1992
- C:\Windows\System\qKMTZyc.exe
  C:\Windows\System\qKMTZyc.exe
  2⤵
  PID:4968
- C:\Windows\System\CxrInuF.exe
  C:\Windows\System\CxrInuF.exe
  2⤵
  PID:3480
- C:\Windows\System\ZdBMvzZ.exe
  C:\Windows\System\ZdBMvzZ.exe
  2⤵
  PID:6760
- C:\Windows\System\taHUYen.exe
  C:\Windows\System\taHUYen.exe
  2⤵
  PID:6848
- C:\Windows\System\BPPoTKO.exe
  C:\Windows\System\BPPoTKO.exe
  2⤵
  PID:6904
- C:\Windows\System\EaEbfQH.exe
  C:\Windows\System\EaEbfQH.exe
  2⤵
  PID:6976
- C:\Windows\System\ekTWdtZ.exe
  C:\Windows\System\ekTWdtZ.exe
  2⤵
  PID:7028
- C:\Windows\System\zGerraJ.exe
  C:\Windows\System\zGerraJ.exe
  2⤵
  PID:7104
- C:\Windows\System\YcJtqca.exe
  C:\Windows\System\YcJtqca.exe
  2⤵
  PID:6632
- C:\Windows\System\dFfADfZ.exe
  C:\Windows\System\dFfADfZ.exe
  2⤵
  PID:6248
- C:\Windows\System\xArBCjq.exe
  C:\Windows\System\xArBCjq.exe
  2⤵
  PID:6416
- C:\Windows\System\whIfxYm.exe
  C:\Windows\System\whIfxYm.exe
  2⤵
  PID:6564
- C:\Windows\System\xsvWFZF.exe
  C:\Windows\System\xsvWFZF.exe
  2⤵
  PID:6764
- C:\Windows\System\oERHpbr.exe
  C:\Windows\System\oERHpbr.exe
  2⤵
  PID:6884
- C:\Windows\System\uWHLMdi.exe
  C:\Windows\System\uWHLMdi.exe
  2⤵
  PID:7064
- C:\Windows\System\vBUCvxD.exe
  C:\Windows\System\vBUCvxD.exe
  2⤵
  PID:6228
- C:\Windows\System\qVKGWza.exe
  C:\Windows\System\qVKGWza.exe
  2⤵
  PID:5052
- C:\Windows\System\ugRewla.exe
  C:\Windows\System\ugRewla.exe
  2⤵
  PID:6728
- C:\Windows\System\SRmlZBV.exe
  C:\Windows\System\SRmlZBV.exe
  2⤵
  PID:7000
- C:\Windows\System\YqJkOrF.exe
  C:\Windows\System\YqJkOrF.exe
  2⤵
  PID:1620
- C:\Windows\System\gZXuuik.exe
  C:\Windows\System\gZXuuik.exe
  2⤵
  PID:6460
- C:\Windows\System\oQRDiTP.exe
  C:\Windows\System\oQRDiTP.exe
  2⤵
  PID:7176
- C:\Windows\System\punPEJd.exe
  C:\Windows\System\punPEJd.exe
  2⤵
  PID:7208
- C:\Windows\System\UWmvYWJ.exe
  C:\Windows\System\UWmvYWJ.exe
  2⤵
  PID:7232
- C:\Windows\System\GzZzsOe.exe
  C:\Windows\System\GzZzsOe.exe
  2⤵
  PID:7260
- C:\Windows\System\febHgJp.exe
  C:\Windows\System\febHgJp.exe
  2⤵
  PID:7288
- C:\Windows\System\NWDkusl.exe
  C:\Windows\System\NWDkusl.exe
  2⤵
  PID:7316
- C:\Windows\System\gTFmgGK.exe
  C:\Windows\System\gTFmgGK.exe
  2⤵
  PID:7340
- C:\Windows\System\qBQNVPS.exe
  C:\Windows\System\qBQNVPS.exe
  2⤵
  PID:7372
- C:\Windows\System\asBUHwD.exe
  C:\Windows\System\asBUHwD.exe
  2⤵
  PID:7404
- C:\Windows\System\rjTrfEC.exe
  C:\Windows\System\rjTrfEC.exe
  2⤵
  PID:7436
- C:\Windows\System\UEQEUwe.exe
  C:\Windows\System\UEQEUwe.exe
  2⤵
  PID:7452
- C:\Windows\System\rKfcHGD.exe
  C:\Windows\System\rKfcHGD.exe
  2⤵
  PID:7484
- C:\Windows\System\sPherbY.exe
  C:\Windows\System\sPherbY.exe
  2⤵
  PID:7508
- C:\Windows\System\hsEdHKJ.exe
  C:\Windows\System\hsEdHKJ.exe
  2⤵
  PID:7540
- C:\Windows\System\QlzQTTm.exe
  C:\Windows\System\QlzQTTm.exe
  2⤵
  PID:7568
- C:\Windows\System\fYxephu.exe
  C:\Windows\System\fYxephu.exe
  2⤵
  PID:7596
- C:\Windows\System\adVWheQ.exe
  C:\Windows\System\adVWheQ.exe
  2⤵
  PID:7640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BDCpdJt.exe

Filesize
6.0MB

MD5
9fef9ee9fe9823129e1802f4034814ee

SHA1
8992044fd28575a3b2f2076e0c0972650b92978b

SHA256
ea5b6a6ba639af74cd77b398f8490ee3f20d8cde022532fd9154fa1b5adbda93

SHA512
5b4230aa75546a9989cba0b0dbf1630a5e30ccb3837e08123e4c2067bea31d58b96ba0efc11ba27c93479958f1423bfd76efb8f1ab6eab93f2a81dc28b5ca566

Download Submit
C:\Windows\System\BHMgYIJ.exe

Filesize
6.0MB

MD5
c728a57535a0391a8d68dcafc0d282a3

SHA1
c2e732e4876fcab09030db28138fee055e32de15

SHA256
724875c6545f94d8be404e1d9bcaad8bd772173cc624e66c8ce2164e3e1c8e0f

SHA512
2de626d4ba1c016ea020a58501b40e0f068e38b0869a3e49310ca5eabbfe50e4fa7c5444abe393c74e6c06c1626bb114def3453236cdb7ec26b7cf5b5da91425

Download Submit
C:\Windows\System\BIuSaaV.exe

Filesize
6.0MB

MD5
5ad72d2a2c5c27d46bfcc26bcc49e128

SHA1
64933d3f0b5d07363f14d949e234ca52dc742d5c

SHA256
c6eca9228cb5d63d02174ed74aa9494a73adcfe9861d4d6323dc70f562e8b2f4

SHA512
ae7ebdecd7da3b76696608b952b0a5a8880d55e239dcb3d937e5da9c578d18d9ee12975f219acb9e2b3a887cfe48da1b49ce986a2b85493f01d7f44e6ff60d5f

Download Submit
C:\Windows\System\ELUsaRF.exe

Filesize
6.0MB

MD5
55590156b27ceb21f89d3987062e30b3

SHA1
ab0d4a1e82e882b5eb4ced051cc49b0d7a157483

SHA256
871c5acd74b48fe16b0932657669c2e2e404535f4f6f797e015f92891172effd

SHA512
dde319e9d208f34e44ea49d8f8cfe60f61fcb8ff3c5f332b0832cebec9cd5b1a3487d64d527c2c1fe6098cffe109d9715c6e249739fae43e90de3c1a04043669

Download Submit
C:\Windows\System\GWWNBTk.exe

Filesize
6.0MB

MD5
fa3ba32f8d9d73e599037d0320261d21

SHA1
e66b4228bcc39e000566d3d4f0cfb94a7f8449e8

SHA256
8bf72552e50dfdb9f264d7cd18b284e74dae1031c4e678e7b937bc3f2e9a1f30

SHA512
69150e0119446d4bb7f535e9d40c6eb7ec24a0520169def10b361a43f00db7b564c533495e36ec72ae2c7a097b6651370e7cc3ab6aae0fb1a6354cce5f7dce14

Download Submit
C:\Windows\System\HJKVIgJ.exe

Filesize
6.0MB

MD5
43027753145805ae78975bbed16316d5

SHA1
8baa56b875abf84b51fa5d961b38fa3ba10823ac

SHA256
0b5e56a372734bfcc70cba67d7c10243e217f80080b00f62f8c7fd0b430259b5

SHA512
8ef210621731ea22c9a690742c15ac07773e1e3085cf039dcea98238ab47493fc752a2f2167168ca0299e7888f41dc2361a4f1f9b27a30752111f6f71329ab99

Download Submit
C:\Windows\System\KyhZtHW.exe

Filesize
6.0MB

MD5
de3181914fc1f48ba4b4369149c914a8

SHA1
e65775fa57d22ea4086a941125ace18e934455ea

SHA256
c700dc2f11ac1f74dd0368df215f011b4cfee0299f4208866ba5d4cbde00a4a1

SHA512
16f6d7241b14bcd6ccf2c2222e6d26e951089950b8f6157bd8ee564e605616da596d1c65dfaee0d18a5e0f70ac01807689079199d6289f1762c9fc98e52bd9b4

Download Submit
C:\Windows\System\LWedxzj.exe

Filesize
6.0MB

MD5
5bed6538c076518142f9c81823bffc33

SHA1
f09c2702516f213f9001d79507eb55ac47c04713

SHA256
ee0d680af3ba50839cadb0bc03e324f302cf38228cde3fe84a783d66ae279055

SHA512
b85a578fb331129871a50d29e52f1e0679498b94c27ffa5b01192e1a07c5057ac83e24ddef84589a04901630dc20f02700c33bfcd69fd4093c117ca0e0e27d26

Download Submit
C:\Windows\System\Lwrzukp.exe

Filesize
6.0MB

MD5
57aa743a91890c0d7c434039e78d2097

SHA1
2c6c38e473b5beabf62bb96dc24a6015580a6aff

SHA256
8596a679ae68eabb1f4d23cb4ce86235f94e9114b699388fafdb98517e9e4e64

SHA512
c0c8e6f97c38719c60a9b08bb0d681c4841cc4ba0def945355dd943bb1af6504ec79af55d99e2f6562029aedfff690528624b41f2c7347e9c657bbe125d6107b

Download Submit
C:\Windows\System\PkcEdcQ.exe

Filesize
6.0MB

MD5
80625a9b44242907281deaa32bac5317

SHA1
27c5dd1ad097b159c9e736c1c8f1ff9a5525fc7e

SHA256
c87d7accfbcb179b27acad6a007a1209f2a083dc1580d96fb46ec93e79db3deb

SHA512
2948b02cb62d22355227d25df9444a0ddc1be77bc7400d25ac8cbf748b2924ca105b04755a6eaf4511ca489d8e2896d5b7e61f99d866377005a9122808e3603b

Download Submit
C:\Windows\System\QYdOvOy.exe

Filesize
6.0MB

MD5
2db67e355bf1ba58bb0cd4c0df20c569

SHA1
0eef4e3d3b50829afb9d76edd917ace4469b94d0

SHA256
179991139f1fe351b1f7fc5f2204bda1e6234560153f74e4b04c296560d2a760

SHA512
e36040f9c802e90619cfa8f2cb10c410b6266077511e2fa2157c98c82fc55812e4f95e454dea7c2f32114b9155ad38b9cdcf24ffb049af07a1e171a3b129316c

Download Submit
C:\Windows\System\YYmJJOa.exe

Filesize
6.0MB

MD5
7a4949cddd296b23ce1db9a08905c719

SHA1
63e264f375f5c82254706d6682573abf28992ce6

SHA256
8d5e647759ee7e99aaf9cef6199170d072668f787e1442d5be2aeedda8000e3a

SHA512
7653d1d06da1d4ba0d5e56384c9ec805879349146987e691f56c36da3c5be82a47528a684677b491ca1f2259b6e617c4745021ab4e08d3ba021a0cf5e9069bd6

Download Submit
C:\Windows\System\aXGIPoJ.exe

Filesize
6.0MB

MD5
1762ba57246117fe661682b0f33ea830

SHA1
42f7455f1cb26fd4b6de9c775ff4275f6360516b

SHA256
5afd416406d45fbcbad694ba183d446bea4ad10c0b78b88ff1efad4234eb3099

SHA512
dae91e2fc26973eb19cb5bcf2caf4b0c66144d4f28eb8c8d347fdc6cf9b695313db42680060b77e0f3cfc394770ec9d5051cd3e566af31faba2c966dac431698

Download Submit
C:\Windows\System\adcsypp.exe

Filesize
6.0MB

MD5
14979a78389da459c022f68348f6e0b8

SHA1
ff6528eca81ae96ac2e3c64b9721fc9f3e73a48a

SHA256
b55f5b61440ac58e95df88751aeef477e6e03c62daf65fc23132f6335698a1ee

SHA512
1691561046b4b3f007b867c46cebb647370785e3d80264e8c33d6653aaa31a12e96177a622e0e53cf0ff4b87f2af1c62a9dc1983203d07033e0c2ced108d12a4

Download Submit
C:\Windows\System\buLfhBO.exe

Filesize
6.0MB

MD5
63d2fa28efa45a876be1daaad6194c1b

SHA1
e5b746f9ae2b133171317438b99414c763408df2

SHA256
10b0671f26f22da89a82be6566ef72cab4933821e48ede1d596e46ce0d7de3de

SHA512
ed9bcdb48aabae7eb66eb5a50b7a2d55e907261a09755d7bc3e2b3f5cbe21f4075e489cdd5bcff027872878635ae144dfc00f421d9708500af589d2839b4aa72

Download Submit
C:\Windows\System\eAJNBwt.exe

Filesize
6.0MB

MD5
7e75028cdc4ce75d29a1edbaf61b6889

SHA1
9c16a7219fafad59c2c087f0c8c3c456ed20a46a

SHA256
24ce95304a86522ce46f46c083c68480de1ad3976a965ddbc97f793267e93e44

SHA512
48af1727b136ef4140922663cf51f79a851015a3fade00882111c75378746b9c240b730a7a7dd499e4ba55ea04b74562fd3b2a46f053ca074e4bd7f29dcfe35e

Download Submit
C:\Windows\System\eioNJIM.exe

Filesize
6.0MB

MD5
c5aca0a788bbafd2c4aedc1cd3c7f704

SHA1
47943f4d9b756c54e9a2adcf7e06776f679ac15b

SHA256
1f09bd44a9fa3dbac97a4b171512ca714a70c94ecbc1458b6736fb21289d02cc

SHA512
802d9ae69b1ec1c3339fdda927520e6a28d7a673352622465639c3b49580254e17b5a3edcbf4ebeeb11c29c84985fb8ee01152c86d6fdc66264629781ff5e66d

Download Submit
C:\Windows\System\gHVsfWz.exe

Filesize
6.0MB

MD5
a952d6b5d95ba9ae3763450abfed1ab0

SHA1
e2382c0d54610de6047caca7f5b1b5e867904782

SHA256
094159f9f6a6b2c8d1bb8766b4074f0e339b0d1951ecb922d6eff4e109f0c51d

SHA512
f75ddf0a119a26868a90643ef05e66f7564f727ad3375e5ce70f4fc94ce1da90e31b483cd0b3861e761ca26b659bd640f2d99497b010144074ba132b9a330051

Download Submit
C:\Windows\System\hdkMBOw.exe

Filesize
6.0MB

MD5
ad85ce0201995e15769b26fe1f0cf9fa

SHA1
aa4a308d958d333f470e899138fa853bd7e0be20

SHA256
4276c2c7a9ab80efa14e146d46d4022eaccca47689f2e9abddbfeaccaf5612af

SHA512
bfb7d8e0f3022d2702bfba07797224d2be89fdd14829e6760b407b46f2b75e8d709f5614e8b9ac72996297eb962beea28eced187771fe2580e8b16489d07734e

Download Submit
C:\Windows\System\iepJFpt.exe

Filesize
6.0MB

MD5
2a47eac687d4d806fe8d9ae72e106ec0

SHA1
4d3c2fe86957de9ddb069b184e1a63bb7c467d0c

SHA256
eb98686ddab530b841a737ac677667ba01899ac46d2ce7c7af0f60dc0b88e3f5

SHA512
a8ef18eec5245515fd7ac288f15e16e64ab09daeed1984dfbf1cafe903c9574b35da5a08071097ffd4c124f4e1cbfa325ae19222cec543f424acad5b4714d89a

Download Submit
C:\Windows\System\imuPRvS.exe

Filesize
6.0MB

MD5
e79a88c43f2c4bef75a8389a5471b556

SHA1
52e86f4939f6df4ec517d096cba27c775027a04b

SHA256
dbe5bae0afacfae9664993d7d95505149fbb1c7e7bb4b5a61bcf08d206faa001

SHA512
4b919bef7d6bc848ea1b9883c8d13f7e30c7a3714a20379370d1cb01d96b1a2625c6068f1fc0ab8dc17709ead7ef97f62e8c21a75ad648096b6e4b877e638ff7

Download Submit
C:\Windows\System\jCaNEKc.exe

Filesize
6.0MB

MD5
7e7fe258f98a8d18f31abe6b2f00f890

SHA1
0ef74cabac4e6d15661b0995b073ed2104e89d62

SHA256
e14467cf72433b362ddc7cd5fdf0868d421a33fa068e01f3d9420c2b57e691b2

SHA512
bb6de1aca779d7eaeba44b5fdb4b73490b23cb4f3f5d408718ed97069a116b396a1e4270af947f23e6420288116343eaac5c9a1afbdf21806f61d949a50414b2

Download Submit
C:\Windows\System\kEHphxt.exe

Filesize
6.0MB

MD5
a4037d394790d3f5cc56df57458ef974

SHA1
d07a8008667d2e3d6fa3db008b37f0d31a13b8d7

SHA256
01e0390f8bea4b7e852ebfa0cef7f712aa23e907a73fdee41af4617239eab5c5

SHA512
d8a917e7a25f539950f10f09033320c7ce281c750f255bea04e629b3cdf4b159dd8092c69a67e9bf08f2f6e56f8f21d7bda1d8463e088078ab39fd7767a71d42

Download Submit
C:\Windows\System\kLHOZOE.exe

Filesize
6.0MB

MD5
c084b36549da2fb3009453a8c24bfdfa

SHA1
c4776a5a4f058da6ea982fc4d14d404657a558d5

SHA256
d612febf144b08d46b23ebd2b57b805688af5e78879e5fdd878aa381320d94cd

SHA512
1774d037560b8d647b5e32cfd00aa93a9eda06e1cc28812db556ba55c834578fa8f7bef44177974d4f0cb96b940f644d3ad6a814706c184827973929ce46866f

Download Submit
C:\Windows\System\mFqqtTd.exe

Filesize
6.0MB

MD5
7b5318505b30281ba1483e840138ca6f

SHA1
14ade18bb6574b30fc6e75bc3f02c7c6cacabec7

SHA256
e31bf986cf5a2e9933c6b70d52c7363843e101801fa49938f3c68c7a549bffb6

SHA512
1e4bf2770b7f0c0069616d10d340cd5d99e307b7e192339bee890e5d5ecfef9d9f956de3e29552f970bcc41c69d6b8ecc6d3bd3bc0214d76612f5e08964fea1d

Download Submit
C:\Windows\System\qHyDcir.exe

Filesize
6.0MB

MD5
cc6a461f602ec4e001190aa88aea984a

SHA1
567a49f469050b1e2992f8f1321f344d36f95db1

SHA256
d2f03ec4e99c9372533b169505e8ea3589f8ab6dc68a7fe88cfe6da0cf3fcadf

SHA512
cfb1af1c203cd94e20497fc91c87d4cae143efa0332886cfcbca43cf9c854d73370a88b54a5e4db6b1b8f72799895573b8bef29c2f8f492ade5aa9b54e30ebe5

Download Submit
C:\Windows\System\qXyOexV.exe

Filesize
6.0MB

MD5
e917242332a74498aa0baa24da7b8d83

SHA1
e63774de9ddc896018ea99967da2dda710f54a73

SHA256
c006238d924744d0a28ae2e66242c60f4da675ec09ca84cb9b7c61105a4d8a03

SHA512
9efadbef052596f4d1fa327655e60987116097c72bbf2f5e7ef803284f183df4a184a6401e47f6e9c5deb317d6e1b951dcc9c71a1cd484dd60b5995541e713bc

Download Submit
C:\Windows\System\rZUILQu.exe

Filesize
6.0MB

MD5
68ba11302fde4284400cea8f28082e6c

SHA1
c701655e3fd1a17ce2314a518c4a489b8f0ec1f1

SHA256
c7aefd4ab5863e9a99184caa9f7901d92b7a9bac1eab83f2d99bb04c5b806111

SHA512
5b1b45b816728a1d7050daad3d1a217f094c61728d33e2a2293ec28edff61cd2d5e966eef991632cb64d7a0b2c0dc7c0beac682a4e0b008461170191cfef6fa5

Download Submit
C:\Windows\System\sLjwEKn.exe

Filesize
6.0MB

MD5
423f551ac100d4d9f8bf4974e0c9d35a

SHA1
a236924c9de4a7e478dd574180f1b05375c1cdff

SHA256
db031ffce255d2f9bcc145ab9768cff7a733f0568eebf99547893f3f37060be7

SHA512
099e35c806af2e9f486151f750f2575fadb2180602efced2de5f0706c5748bb45a042abb2e1097e7b09235deca15d890bc8bcd3504b4a4b569c2006abf7db02e

Download Submit
C:\Windows\System\sTjSIWD.exe

Filesize
6.0MB

MD5
d6ce3f9d32a9d257f0ddb0bac0143a18

SHA1
2d14b6da57d06ce258535fd020731fa29701dc22

SHA256
6f4f75a81c05711b8754cb480e8b1ce70161560dc2cf077ebc80e63eb1d15e3f

SHA512
d1bcff0c56239698879a54de8e950fab4949f25e77b55a651f81a7487ac98216ab4e0d0b0a7579b8404ecb99b2856dac5663b356de234b0ff6c5d7c84e94ef4f

Download Submit
C:\Windows\System\tBxNubn.exe

Filesize
6.0MB

MD5
3e1446945f1ac39e72663a1f09a78373

SHA1
18b1ff6ea1f4a9262953f4f34bea0c8e7992b1c7

SHA256
3febab93339550e5bf78fc83e881b1cb3c2ab3d96a385e2aa2d9a405171f0215

SHA512
ae064bd360dbe8d517f18f2fdd602195147ac3ffa4b3a405960c9eadf156b6ef343dd7910d8d039df99b1ea3c3114e6f6b8e913ee0143d196412dc80669e1bf7

Download Submit
C:\Windows\System\vrIlfOt.exe

Filesize
6.0MB

MD5
5be95f28a9b46b1f833cc6ed5035d189

SHA1
abf432344a06f8b267998ce486749545801238e9

SHA256
f87f859940708461961489387223e78d906b8c181aa75a53bcb9ca03a202a804

SHA512
f7844bdedf8c235048655f22d2d0beefc4b2fb3b7e4dafbf2b169ed9a62c0a8e7568d572eff0dca3e8f1fab4c58a0d8b27e28caaa92fcd466a2a9c46ab16961c

Download Submit
C:\Windows\System\zvsmxSm.exe

Filesize
6.0MB

MD5
8c9e8c348cdf67424bf99cc46bb7d067

SHA1
91ff30422afed772671ed8a47870469d79c28a16

SHA256
38e303ee91ce97e0e1d73f627d162834948462aea9981322c42017b4f593adf6

SHA512
949fd2b969f040860aa471a4342ce577ea866e95eb9c2eb9b663fea3711455a0d8502289de2e8ad3adc27a00bc080b321abe144a607e56f3c2bc2a3043d78837

Download Submit
memory/264-145-0x00007FF664A80000-0x00007FF664DD4000-memory.dmp

Filesize
3.3MB

Download
memory/264-213-0x00007FF664A80000-0x00007FF664DD4000-memory.dmp

Filesize
3.3MB

Download
memory/436-398-0x00007FF612730000-0x00007FF612A84000-memory.dmp

Filesize
3.3MB

Download
memory/436-165-0x00007FF612730000-0x00007FF612A84000-memory.dmp

Filesize
3.3MB

Download
memory/448-178-0x00007FF66CE00000-0x00007FF66D154000-memory.dmp

Filesize
3.3MB

Download
memory/448-516-0x00007FF66CE00000-0x00007FF66D154000-memory.dmp

Filesize
3.3MB

Download
memory/740-192-0x00007FF6E7460000-0x00007FF6E77B4000-memory.dmp

Filesize
3.3MB

Download
memory/740-627-0x00007FF6E7460000-0x00007FF6E77B4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-24-0x00007FF61EBA0000-0x00007FF61EEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1272-82-0x00007FF61EBA0000-0x00007FF61EEF4000-memory.dmp

Filesize
3.3MB

Download
memory/1504-73-0x00007FF781290000-0x00007FF7815E4000-memory.dmp

Filesize
3.3MB

Download
memory/1504-124-0x00007FF781290000-0x00007FF7815E4000-memory.dmp

Filesize
3.3MB

Download
memory/1524-173-0x00007FF67D3D0000-0x00007FF67D724000-memory.dmp

Filesize
3.3MB

Download
memory/1668-162-0x00007FF6972A0000-0x00007FF6975F4000-memory.dmp

Filesize
3.3MB

Download
memory/1672-144-0x00007FF76CF30000-0x00007FF76D284000-memory.dmp

Filesize
3.3MB

Download
memory/1672-86-0x00007FF76CF30000-0x00007FF76D284000-memory.dmp

Filesize
3.3MB

Download
memory/1784-67-0x00007FF722080000-0x00007FF7223D4000-memory.dmp

Filesize
3.3MB

Download
memory/2000-97-0x00007FF7369E0000-0x00007FF736D34000-memory.dmp

Filesize
3.3MB

Download
memory/2072-75-0x00007FF78B5A0000-0x00007FF78B8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-136-0x00007FF78B5A0000-0x00007FF78B8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-48-0x00007FF7A2E30000-0x00007FF7A3184000-memory.dmp

Filesize
3.3MB

Download
memory/2492-110-0x00007FF7A2E30000-0x00007FF7A3184000-memory.dmp

Filesize
3.3MB

Download
memory/2580-30-0x00007FF796AD0000-0x00007FF796E24000-memory.dmp

Filesize
3.3MB

Download
memory/2580-96-0x00007FF796AD0000-0x00007FF796E24000-memory.dmp

Filesize
3.3MB

Download
memory/2708-182-0x00007FF65BFC0000-0x00007FF65C314000-memory.dmp

Filesize
3.3MB

Download
memory/2708-126-0x00007FF65BFC0000-0x00007FF65C314000-memory.dmp

Filesize
3.3MB

Download
memory/2828-68-0x00007FF7A5700000-0x00007FF7A5A54000-memory.dmp

Filesize
3.3MB

Download
memory/2828-12-0x00007FF7A5700000-0x00007FF7A5A54000-memory.dmp

Filesize
3.3MB

Download
memory/2980-0-0x00007FF6ED660000-0x00007FF6ED9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1-0x000002BB5BBF0000-0x000002BB5BC00000-memory.dmp

Filesize
64KB

Download
memory/2980-54-0x00007FF6ED660000-0x00007FF6ED9B4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-99-0x00007FF609E80000-0x00007FF60A1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3004-34-0x00007FF609E80000-0x00007FF60A1D4000-memory.dmp

Filesize
3.3MB

Download
memory/3236-109-0x00007FF7C25D0000-0x00007FF7C2924000-memory.dmp

Filesize
3.3MB

Download
memory/3236-44-0x00007FF7C25D0000-0x00007FF7C2924000-memory.dmp

Filesize
3.3MB

Download
memory/3332-118-0x00007FF687B80000-0x00007FF687ED4000-memory.dmp

Filesize
3.3MB

Download
memory/3332-177-0x00007FF687B80000-0x00007FF687ED4000-memory.dmp

Filesize
3.3MB

Download
memory/3420-195-0x00007FF76B020000-0x00007FF76B374000-memory.dmp

Filesize
3.3MB

Download
memory/3420-138-0x00007FF76B020000-0x00007FF76B374000-memory.dmp

Filesize
3.3MB

Download
memory/3468-159-0x00007FF6FA620000-0x00007FF6FA974000-memory.dmp

Filesize
3.3MB

Download
memory/3468-103-0x00007FF6FA620000-0x00007FF6FA974000-memory.dmp

Filesize
3.3MB

Download
memory/3488-185-0x00007FF6BE170000-0x00007FF6BE4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3488-572-0x00007FF6BE170000-0x00007FF6BE4C4000-memory.dmp

Filesize
3.3MB

Download
memory/3856-164-0x00007FF6F75D0000-0x00007FF6F7924000-memory.dmp

Filesize
3.3MB

Download
memory/3856-117-0x00007FF6F75D0000-0x00007FF6F7924000-memory.dmp

Filesize
3.3MB

Download
memory/4084-223-0x00007FF6D0AA0000-0x00007FF6D0DF4000-memory.dmp

Filesize
3.3MB

Download
memory/4084-151-0x00007FF6D0AA0000-0x00007FF6D0DF4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-8-0x00007FF7A7D20000-0x00007FF7A8074000-memory.dmp

Filesize
3.3MB

Download
memory/4360-63-0x00007FF7A7D20000-0x00007FF7A8074000-memory.dmp

Filesize
3.3MB

Download
memory/4512-191-0x00007FF641F00000-0x00007FF642254000-memory.dmp

Filesize
3.3MB

Download
memory/4512-129-0x00007FF641F00000-0x00007FF642254000-memory.dmp

Filesize
3.3MB

Download
memory/4556-122-0x00007FF6757A0000-0x00007FF675AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4556-56-0x00007FF6757A0000-0x00007FF675AF4000-memory.dmp

Filesize
3.3MB

Download
memory/4736-18-0x00007FF60E360000-0x00007FF60E6B4000-memory.dmp

Filesize
3.3MB

Download
memory/4736-74-0x00007FF60E360000-0x00007FF60E6B4000-memory.dmp

Filesize
3.3MB

Download
memory/4956-98-0x00007FF718BC0000-0x00007FF718F14000-memory.dmp

Filesize
3.3MB

Download