Analysis
-
max time kernel
130s -
max time network
149s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
29-06-2020 07:29
Static task
static1
Behavioral task
behavioral1
Sample
3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe
Resource
win7
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe
Resource
win10v200430
windows10_x64
0 signatures
0 seconds
General
-
Target
3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe
-
Size
283KB
-
MD5
fb605060fe94da77d6bb788674e47c8b
-
SHA1
573b984988b6b4cf81bb504d5e252419a71ec3f0
-
SHA256
3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378
-
SHA512
64936aeca875e23883cf1d5101bbba8e39220c59b7c0f7226b64e67f357fe5bb446885fa1b602a84e08529605e75909ac79aa6cf2efaff17eacab25f6a27d0e8
Score
9/10
Malware Config
Signatures
-
ServiceHost packer 20 IoCs
Detects ServiceHost packer used for .NET malware
resource yara_rule behavioral2/memory/3980-56-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-57-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-58-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-59-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-60-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-61-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-62-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-63-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-65-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-64-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-66-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-67-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-69-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-70-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-72-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-73-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-74-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-75-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-76-0x0000000000000000-mapping.dmp servicehost behavioral2/memory/3980-77-0x0000000000000000-mapping.dmp servicehost -
Adds policy Run key to start application 2 TTPs 4 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\avast = "C:\\Windows\\avast\\avast.exe" 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe Key created \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe Set value (str) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\avast = "C:\\Windows\\avast\\avast.exe" 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe -
Executes dropped EXE 5 IoCs
pid Process 2240 avast.exe 3752 avast.exe 3960 avast.exe 3988 avast.exe 1140 avast.exe -
Modifies Installed Components in the registry 2 TTPs
-
resource yara_rule behavioral2/memory/3944-0-0x0000000024010000-0x0000000024072000-memory.dmp upx behavioral2/memory/3160-41-0x0000000024080000-0x00000000240E2000-memory.dmp upx behavioral2/memory/3980-99-0x0000000024160000-0x00000000241C2000-memory.dmp upx -
Adds Run key to start application 2 TTPs 4 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\avast = "C:\\Windows\\avast\\avast.exe" 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe Key created \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Windows\CurrentVersion\Run 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe Set value (str) \REGISTRY\USER\S-1-5-21-1231583446-2617009595-2137880041-1000\Software\Microsoft\Windows\CurrentVersion\Run\avast = "C:\\Windows\\avast\\avast.exe" 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe -
Drops file in Windows directory 7 IoCs
description ioc Process File created C:\Windows\avast\avast.exe 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe File opened for modification C:\Windows\avast\avast.exe 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe File opened for modification C:\Windows\avast\avast.exe avast.exe File opened for modification C:\Windows\avast\avast.exe avast.exe File opened for modification C:\Windows\avast\avast.exe avast.exe File opened for modification C:\Windows\avast\avast.exe 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe File opened for modification C:\Windows\avast\ 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid Process 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 2240 avast.exe 2240 avast.exe 3752 avast.exe 3752 avast.exe 3960 avast.exe 3960 avast.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: SeDebugPrivilege 3980 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe Token: SeDebugPrivilege 3980 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe -
Suspicious use of WriteProcessMemory 846 IoCs
description pid Process procid_target PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 2988 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 56 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3160 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 66 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3040 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 70 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3160 wrote to memory of 2240 3160 explorer.exe 72 PID 3160 wrote to memory of 2240 3160 explorer.exe 72 PID 3160 wrote to memory of 2240 3160 explorer.exe 72 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3160 wrote to memory of 3752 3160 explorer.exe 73 PID 3160 wrote to memory of 3752 3160 explorer.exe 73 PID 3160 wrote to memory of 3752 3160 explorer.exe 73 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 3160 wrote to memory of 3960 3160 explorer.exe 75 PID 3160 wrote to memory of 3960 3160 explorer.exe 75 PID 3160 wrote to memory of 3960 3160 explorer.exe 75 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 748 2240 avast.exe 74 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 3944 wrote to memory of 3980 3944 3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe 71 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 3740 3752 avast.exe 77 PID 3752 wrote to memory of 1140 3752 avast.exe 78 PID 3752 wrote to memory of 1140 3752 avast.exe 78 PID 3752 wrote to memory of 1140 3752 avast.exe 78 PID 3752 wrote to memory of 1140 3752 avast.exe 78 PID 3752 wrote to memory of 1140 3752 avast.exe 78 PID 3752 wrote to memory of 1140 3752 avast.exe 78 PID 3752 wrote to memory of 1140 3752 avast.exe 78 PID 3752 wrote to memory of 1140 3752 avast.exe 78 PID 3752 wrote to memory of 1140 3752 avast.exe 78 PID 3752 wrote to memory of 1140 3752 avast.exe 78 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76 PID 2240 wrote to memory of 3988 2240 avast.exe 76
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵PID:2988
-
C:\Users\Admin\AppData\Local\Temp\3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe"C:\Users\Admin\AppData\Local\Temp\3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe"2⤵
- Adds policy Run key to start application
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3944 -
C:\Windows\SysWOW64\explorer.exeexplorer.exe3⤵PID:3160
-
C:\Windows\avast\avast.exe"C:\Windows\avast\avast.exe"4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:2240 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:748
-
-
C:\Windows\avast\avast.exe"C:\Windows\avast\avast.exe"5⤵
- Executes dropped EXE
PID:3988
-
-
-
C:\Windows\avast\avast.exe"C:\Windows\avast\avast.exe"4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:3752 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵PID:3740
-
-
C:\Windows\avast\avast.exe"C:\Windows\avast\avast.exe"5⤵
- Executes dropped EXE
PID:1140
-
-
-
C:\Windows\avast\avast.exe"C:\Windows\avast\avast.exe"4⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:3960
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵PID:3040
-
-
C:\Users\Admin\AppData\Local\Temp\3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe"C:\Users\Admin\AppData\Local\Temp\3a32a74e76e2844a515009139d75ec4ae6d785f5850ddcd3cf6cd1bd99604378.exe"3⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3980
-
-