428558fcf4133715cf08d2fdf904b35f3c5e47dadbb5128b43785648688abfa1

Analysis

max time kernel
147s
max time network
151s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Crypt9.KSH.23004.12082.exe
Size

500KB
MD5

4849ab316b3dcde68a2a23c22dee2d98
SHA1

48827786029e0575687ee5f0707f7ebfc4ca2515
SHA256

428558fcf4133715cf08d2fdf904b35f3c5e47dadbb5128b43785648688abfa1
SHA512

002c83033bb390c55e4b28d75eda1c4c0793d83ac8cd5af81b421ea688d4d55f3828ec37fd7c4bece762c78ac301891775dd7f8be2690ea88b7f6b62ad1ed888

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exeTfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe

pid	Process
1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe
612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe

Loads dropped DLL 1 IoCs

Processes:

SecuriteInfo.com.Crypt9.KSH.23004.12082.exe

pid	Process
1880	SecuriteInfo.com.Crypt9.KSH.23004.12082.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
4	checkip.amazonaws.com

Suspicious use of UnmapMainImage 3 IoCs

Processes:

SecuriteInfo.com.Crypt9.KSH.23004.12082.exeTfdurjtfIngo.com.Crypt9.KSH.23004.12082.exeTfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe

pid	Process
1880	SecuriteInfo.com.Crypt9.KSH.23004.12082.exe
1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe
612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe

Suspicious use of WriteProcessMemory 896 IoCs

Processes:

SecuriteInfo.com.Crypt9.KSH.23004.12082.exeTfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe

description	pid	Process	procid_target
PID 1880 wrote to memory of 1584	1880	SecuriteInfo.com.Crypt9.KSH.23004.12082.exe	29
PID 1880 wrote to memory of 1584	1880	SecuriteInfo.com.Crypt9.KSH.23004.12082.exe	29
PID 1880 wrote to memory of 1584	1880	SecuriteInfo.com.Crypt9.KSH.23004.12082.exe	29
PID 1880 wrote to memory of 1584	1880	SecuriteInfo.com.Crypt9.KSH.23004.12082.exe	29
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1584 wrote to memory of 1772	1584	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	30
PID 1168 wrote to memory of 612	1168	taskeng.exe	32
PID 1168 wrote to memory of 612	1168	taskeng.exe	32
PID 1168 wrote to memory of 612	1168	taskeng.exe	32
PID 1168 wrote to memory of 612	1168	taskeng.exe	32
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33
PID 612 wrote to memory of 1856	612	TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe	33

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Crypt9.KSH.23004.12082.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Crypt9.KSH.23004.12082.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Users\Admin\AppData\Roaming\winapp\TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe
  C:\Users\Admin\AppData\Roaming\winapp\TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  PID:1584
- - C:\Windows\system32\svchost.exe
    svchost.exe
    3⤵
    PID:1772

C:\Windows\system32\taskeng.exe
taskeng.exe {0A12E72A-84B2-46A3-BD05-3266829EFDB1} S-1-5-18:NT AUTHORITY\System:Service:
1⤵
PID:1168
- C:\Users\Admin\AppData\Roaming\winapp\TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe
  C:\Users\Admin\AppData\Roaming\winapp\TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:612
- - C:\Windows\system32\svchost.exe
    svchost.exe
    3⤵
    PID:1856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\winapp\TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe

MD5
4849ab316b3dcde68a2a23c22dee2d98

SHA1
48827786029e0575687ee5f0707f7ebfc4ca2515

SHA256
428558fcf4133715cf08d2fdf904b35f3c5e47dadbb5128b43785648688abfa1

SHA512
002c83033bb390c55e4b28d75eda1c4c0793d83ac8cd5af81b421ea688d4d55f3828ec37fd7c4bece762c78ac301891775dd7f8be2690ea88b7f6b62ad1ed888

Download Submit
C:\Users\Admin\AppData\Roaming\winapp\TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe

MD5
4849ab316b3dcde68a2a23c22dee2d98

SHA1
48827786029e0575687ee5f0707f7ebfc4ca2515

SHA256
428558fcf4133715cf08d2fdf904b35f3c5e47dadbb5128b43785648688abfa1

SHA512
002c83033bb390c55e4b28d75eda1c4c0793d83ac8cd5af81b421ea688d4d55f3828ec37fd7c4bece762c78ac301891775dd7f8be2690ea88b7f6b62ad1ed888

Download Submit
\Users\Admin\AppData\Roaming\winapp\TfdurjtfIngo.com.Crypt9.KSH.23004.12082.exe

MD5
4849ab316b3dcde68a2a23c22dee2d98

SHA1
48827786029e0575687ee5f0707f7ebfc4ca2515

SHA256
428558fcf4133715cf08d2fdf904b35f3c5e47dadbb5128b43785648688abfa1

SHA512
002c83033bb390c55e4b28d75eda1c4c0793d83ac8cd5af81b421ea688d4d55f3828ec37fd7c4bece762c78ac301891775dd7f8be2690ea88b7f6b62ad1ed888

Download Submit
memory/612-7-0x0000000000000000-mapping.dmp

Download
memory/1584-2-0x0000000000000000-mapping.dmp

Download
memory/1772-5-0x0000000000000000-mapping.dmp

Download
memory/1772-6-0x0000000140000000-0x0000000140025000-memory.dmp

Filesize
148KB

Download
memory/1856-10-0x0000000000000000-mapping.dmp

Download
memory/1880-0-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download