8bf871d77503944f04612b7ba14be181e46c0333754aea49927538e1cd597a17

Analysis

max time kernel
109s
max time network
137s
platform
windows10_x64
resource
win10
submitted
07/07/2020, 05:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

FIRM ORDER # 2020-1-32410 21981XMH.exe
Size

1.8MB
MD5

3349ba62142880bbe6e35dd4a9be5981
SHA1

f53307dd3ea7e7dfeba1dbd6aa33ffabb3aed628
SHA256

fae5d87e8771f0025e306697f68afe511275e9772af23dfd081ffbfc0b56f38d
SHA512

1dad489fe6ef0d0f99358be688885e10ce2d178b675300e51eff3b169b9952c36e74868d5c8e77388c1ec2c7af895b10e65f21489416caa89de59e746b0a8c37

Score

6^/10

persistence

Malware Config

Signatures

Suspicious use of WriteProcessMemory 688 IoCs

description	pid	Process	procid_target
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67
PID 3908 wrote to memory of 2800	3908	FIRM ORDER # 2020-1-32410 21981XMH.exe	67

Adds Run entry to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Windows\CurrentVersion\Run\Fuhk = "C:\\Users\\Admin\\AppData\\Local\\Fuhk\\Fuhk.hta"	FIRM ORDER # 2020-1-32410 21981XMH.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

C:\Users\Admin\AppData\Local\Temp\FIRM ORDER # 2020-1-32410 21981XMH.exe
"C:\Users\Admin\AppData\Local\Temp\FIRM ORDER # 2020-1-32410 21981XMH.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Adds Run entry to start application
PID:3908
- C:\Program Files (x86)\internet explorer\ieinstal.exe
  "C:\Program Files (x86)\internet explorer\ieinstal.exe"
  2⤵
  PID:2800

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads