66fe4f89b6a5408851c16d7af393e97969e8712d5e7300a75e54c86ad33d1060

Analysis

max time kernel
126s
max time network
149s
platform
windows10_x64
resource
win10v200430
submitted
15/07/2020, 15:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Doc-Preview.exe
Size

425KB
MD5

f5b7ebf0221bd55dbda661eefde1d958
SHA1

ebbd293fb26da47cdfbc47b55371de2772faa5ac
SHA256

66fe4f89b6a5408851c16d7af393e97969e8712d5e7300a75e54c86ad33d1060
SHA512

3c94d1f492fde84a3ae142349916c874db5b2b53b7755b9de74122ca5aba2801ca0e7185a2df433090c86039354ab2cf31a394337d086705b1a280a97ccda2c7

Score

8^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 840 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 4092	1628	Doc-Preview.exe	72
PID 1628 wrote to memory of 4092	1628	Doc-Preview.exe	72
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77
PID 4092 wrote to memory of 4056	4092	8C1.exe	77

Executes dropped EXE 2 IoCs

pid	Process
4092	8C1.exe
4004	8C1.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4092	8C1.exe
4092	8C1.exe
4004	8C1.exe
4004	8C1.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4092 set thread context of 4056	4092	8C1.exe	77

Blacklisted process makes network request 4 IoCs

flow	pid	Process
12	4056	cmd.exe
13	4056	cmd.exe
14	4056	cmd.exe
15	4056	cmd.exe

C:\Users\Admin\AppData\Local\Temp\Doc-Preview.exe
"C:\Users\Admin\AppData\Local\Temp\Doc-Preview.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Users\Admin\AppData\Local\Temp\8C1.exe
  C:\Users\Admin\AppData\Local\Temp\8C1.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of SetThreadContext
  PID:4092
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe
    3⤵
    - Blacklisted process makes network request
    PID:4056

C:\Users\Admin\AppData\Local\Temp\Doc-Preview.exe
C:\Users\Admin\AppData\Local\Temp\Doc-Preview.exe {BF22B958-85DA-4F99-9630-03735B583D0F}
1⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\8C1.exe
C:\Users\Admin\AppData\Local\Temp\8C1.exe {C415328B-1F8E-4D0E-9E21-1344BA24DD66}
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1628-0-0x0000000000540000-0x000000000057F000-memory.dmp

Filesize
252KB

Download
memory/1788-1-0x00000000001C0000-0x00000000001FF000-memory.dmp

Filesize
252KB

Download
memory/4004-7-0x00000000020F0000-0x000000000212F000-memory.dmp

Filesize
252KB

Download
memory/4056-8-0x00007FF71DC80000-0x00007FF71DCDA000-memory.dmp

Filesize
360KB

Download
memory/4056-10-0x00007FF71DC80000-0x00007FF71DCDA000-memory.dmp

Filesize
360KB

Download
memory/4092-5-0x0000000002370000-0x00000000023AF000-memory.dmp

Filesize
252KB

Download