536b5f8fb36ee7fbcef6c1293c8bf1b17d1645aa845a7ac2cccdbe9fd16c99d8

Analysis

max time kernel
74s
max time network
39s
platform
windows7_x64
resource
win7v20201028
submitted
30/12/2020, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16x.bin.exe
Size

4.4MB
MD5

3e05cdc35f300de783fcb3dcd71e4970
SHA1

abfc51fe7bc93d12d0d163b1f7fecae0a6a8e52e
SHA256

adc220109f73acdd307036a6d14bffa68103a48e2305c3a4f1533aab74d9deb8
SHA512

fff156d64fcd720d2d27b3e53dccb9fb817775b11b04eae44e41bb266112f3655ced03ef3e6037748155bdd02b6d749eda778e92eb66a9362546513c48ce4775

Score

9^/10

evasion spyware

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	16x.bin.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	16x.bin.exe

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Wine	16x.bin.exe

Loads dropped DLL 1 IoCs

pid	Process
1048	16x.bin.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

JavaScript code in executable 1 IoCs

resource	yara_rule
behavioral1/files/0x00040000000130d2-6.dat	js

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1048	16x.bin.exe
1048	16x.bin.exe
1048	16x.bin.exe
1048	16x.bin.exe

Suspicious use of AdjustPrivilegeToken 120 IoCs

description	pid	Process
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1048	16x.bin.exe
Token: SeIncBasePriorityPrivilege	1048	16x.bin.exe
Token: 33	1280	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1280	AUDIODG.EXE
Token: 33	1280	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1280	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1048	16x.bin.exe
1048	16x.bin.exe

Suspicious use of WriteProcessMemory 1108 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1636	1048	16x.bin.exe	32
PID 1048 wrote to memory of 1636	1048	16x.bin.exe	32
PID 1048 wrote to memory of 1636	1048	16x.bin.exe	32
PID 1048 wrote to memory of 1636	1048	16x.bin.exe	32
PID 1048 wrote to memory of 664	1048	16x.bin.exe	33
PID 1048 wrote to memory of 664	1048	16x.bin.exe	33
PID 1048 wrote to memory of 664	1048	16x.bin.exe	33
PID 1048 wrote to memory of 664	1048	16x.bin.exe	33
PID 1048 wrote to memory of 1476	1048	16x.bin.exe	34
PID 1048 wrote to memory of 1476	1048	16x.bin.exe	34
PID 1048 wrote to memory of 1476	1048	16x.bin.exe	34
PID 1048 wrote to memory of 1476	1048	16x.bin.exe	34
PID 1048 wrote to memory of 1488	1048	16x.bin.exe	35
PID 1048 wrote to memory of 1488	1048	16x.bin.exe	35
PID 1048 wrote to memory of 1488	1048	16x.bin.exe	35
PID 1048 wrote to memory of 1488	1048	16x.bin.exe	35
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	36
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	36
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	36
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	36
PID 1048 wrote to memory of 588	1048	16x.bin.exe	37
PID 1048 wrote to memory of 588	1048	16x.bin.exe	37
PID 1048 wrote to memory of 588	1048	16x.bin.exe	37
PID 1048 wrote to memory of 588	1048	16x.bin.exe	37
PID 1048 wrote to memory of 756	1048	16x.bin.exe	38
PID 1048 wrote to memory of 756	1048	16x.bin.exe	38
PID 1048 wrote to memory of 756	1048	16x.bin.exe	38
PID 1048 wrote to memory of 756	1048	16x.bin.exe	38
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	39
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	39
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	39
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	39
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	40
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	40
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	40
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	40
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	41
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	41
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	41
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	41
PID 1048 wrote to memory of 1292	1048	16x.bin.exe	42
PID 1048 wrote to memory of 1292	1048	16x.bin.exe	42
PID 1048 wrote to memory of 1292	1048	16x.bin.exe	42
PID 1048 wrote to memory of 1292	1048	16x.bin.exe	42
PID 1048 wrote to memory of 1940	1048	16x.bin.exe	43
PID 1048 wrote to memory of 1940	1048	16x.bin.exe	43
PID 1048 wrote to memory of 1940	1048	16x.bin.exe	43
PID 1048 wrote to memory of 1940	1048	16x.bin.exe	43
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	44
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	44
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	44
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	44
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	45
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	45
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	45
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	45
PID 1048 wrote to memory of 988	1048	16x.bin.exe	46
PID 1048 wrote to memory of 988	1048	16x.bin.exe	46
PID 1048 wrote to memory of 988	1048	16x.bin.exe	46
PID 1048 wrote to memory of 988	1048	16x.bin.exe	46
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	47
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	47
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	47
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	47
PID 1048 wrote to memory of 936	1048	16x.bin.exe	48
PID 1048 wrote to memory of 936	1048	16x.bin.exe	48
PID 1048 wrote to memory of 936	1048	16x.bin.exe	48
PID 1048 wrote to memory of 936	1048	16x.bin.exe	48
PID 1048 wrote to memory of 824	1048	16x.bin.exe	49
PID 1048 wrote to memory of 824	1048	16x.bin.exe	49
PID 1048 wrote to memory of 824	1048	16x.bin.exe	49
PID 1048 wrote to memory of 824	1048	16x.bin.exe	49
PID 1048 wrote to memory of 976	1048	16x.bin.exe	50
PID 1048 wrote to memory of 976	1048	16x.bin.exe	50
PID 1048 wrote to memory of 976	1048	16x.bin.exe	50
PID 1048 wrote to memory of 976	1048	16x.bin.exe	50
PID 1048 wrote to memory of 912	1048	16x.bin.exe	51
PID 1048 wrote to memory of 912	1048	16x.bin.exe	51
PID 1048 wrote to memory of 912	1048	16x.bin.exe	51
PID 1048 wrote to memory of 912	1048	16x.bin.exe	51
PID 1048 wrote to memory of 1636	1048	16x.bin.exe	52
PID 1048 wrote to memory of 1636	1048	16x.bin.exe	52
PID 1048 wrote to memory of 1636	1048	16x.bin.exe	52
PID 1048 wrote to memory of 1636	1048	16x.bin.exe	52
PID 1048 wrote to memory of 664	1048	16x.bin.exe	53
PID 1048 wrote to memory of 664	1048	16x.bin.exe	53
PID 1048 wrote to memory of 664	1048	16x.bin.exe	53
PID 1048 wrote to memory of 664	1048	16x.bin.exe	53
PID 1048 wrote to memory of 1476	1048	16x.bin.exe	54
PID 1048 wrote to memory of 1476	1048	16x.bin.exe	54
PID 1048 wrote to memory of 1476	1048	16x.bin.exe	54
PID 1048 wrote to memory of 1476	1048	16x.bin.exe	54
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	55
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	55
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	55
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	55
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	56
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	56
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	56
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	56
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	57
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	57
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	57
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	57
PID 1048 wrote to memory of 964	1048	16x.bin.exe	58
PID 1048 wrote to memory of 964	1048	16x.bin.exe	58
PID 1048 wrote to memory of 964	1048	16x.bin.exe	58
PID 1048 wrote to memory of 964	1048	16x.bin.exe	58
PID 1048 wrote to memory of 1820	1048	16x.bin.exe	59
PID 1048 wrote to memory of 1820	1048	16x.bin.exe	59
PID 1048 wrote to memory of 1820	1048	16x.bin.exe	59
PID 1048 wrote to memory of 1820	1048	16x.bin.exe	59
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	60
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	60
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	60
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	60
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	61
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	61
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	61
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	61
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	62
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	62
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	62
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	62
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	63
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	63
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	63
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	63
PID 1048 wrote to memory of 1292	1048	16x.bin.exe	64
PID 1048 wrote to memory of 1292	1048	16x.bin.exe	64
PID 1048 wrote to memory of 1292	1048	16x.bin.exe	64
PID 1048 wrote to memory of 1292	1048	16x.bin.exe	64
PID 1048 wrote to memory of 1940	1048	16x.bin.exe	65
PID 1048 wrote to memory of 1940	1048	16x.bin.exe	65
PID 1048 wrote to memory of 1940	1048	16x.bin.exe	65
PID 1048 wrote to memory of 1940	1048	16x.bin.exe	65
PID 1048 wrote to memory of 1356	1048	16x.bin.exe	66
PID 1048 wrote to memory of 1356	1048	16x.bin.exe	66
PID 1048 wrote to memory of 1356	1048	16x.bin.exe	66
PID 1048 wrote to memory of 1356	1048	16x.bin.exe	66
PID 1048 wrote to memory of 572	1048	16x.bin.exe	67
PID 1048 wrote to memory of 572	1048	16x.bin.exe	67
PID 1048 wrote to memory of 572	1048	16x.bin.exe	67
PID 1048 wrote to memory of 572	1048	16x.bin.exe	67
PID 1048 wrote to memory of 1328	1048	16x.bin.exe	68
PID 1048 wrote to memory of 1328	1048	16x.bin.exe	68
PID 1048 wrote to memory of 1328	1048	16x.bin.exe	68
PID 1048 wrote to memory of 1328	1048	16x.bin.exe	68
PID 1048 wrote to memory of 1376	1048	16x.bin.exe	69
PID 1048 wrote to memory of 1376	1048	16x.bin.exe	69
PID 1048 wrote to memory of 1376	1048	16x.bin.exe	69
PID 1048 wrote to memory of 1376	1048	16x.bin.exe	69
PID 1048 wrote to memory of 268	1048	16x.bin.exe	70
PID 1048 wrote to memory of 268	1048	16x.bin.exe	70
PID 1048 wrote to memory of 268	1048	16x.bin.exe	70
PID 1048 wrote to memory of 268	1048	16x.bin.exe	70
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	71
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	71
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	71
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	71
PID 1048 wrote to memory of 532	1048	16x.bin.exe	72
PID 1048 wrote to memory of 532	1048	16x.bin.exe	72
PID 1048 wrote to memory of 532	1048	16x.bin.exe	72
PID 1048 wrote to memory of 532	1048	16x.bin.exe	72
PID 1048 wrote to memory of 640	1048	16x.bin.exe	73
PID 1048 wrote to memory of 640	1048	16x.bin.exe	73
PID 1048 wrote to memory of 640	1048	16x.bin.exe	73
PID 1048 wrote to memory of 640	1048	16x.bin.exe	73
PID 1048 wrote to memory of 996	1048	16x.bin.exe	74
PID 1048 wrote to memory of 996	1048	16x.bin.exe	74
PID 1048 wrote to memory of 996	1048	16x.bin.exe	74
PID 1048 wrote to memory of 996	1048	16x.bin.exe	74
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	75
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	75
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	75
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	75
PID 1048 wrote to memory of 568	1048	16x.bin.exe	76
PID 1048 wrote to memory of 568	1048	16x.bin.exe	76
PID 1048 wrote to memory of 568	1048	16x.bin.exe	76
PID 1048 wrote to memory of 568	1048	16x.bin.exe	76
PID 1048 wrote to memory of 1488	1048	16x.bin.exe	77
PID 1048 wrote to memory of 1488	1048	16x.bin.exe	77
PID 1048 wrote to memory of 1488	1048	16x.bin.exe	77
PID 1048 wrote to memory of 1488	1048	16x.bin.exe	77
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	78
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	78
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	78
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	78
PID 1048 wrote to memory of 1248	1048	16x.bin.exe	79
PID 1048 wrote to memory of 1248	1048	16x.bin.exe	79
PID 1048 wrote to memory of 1248	1048	16x.bin.exe	79
PID 1048 wrote to memory of 1248	1048	16x.bin.exe	79
PID 1048 wrote to memory of 588	1048	16x.bin.exe	80
PID 1048 wrote to memory of 588	1048	16x.bin.exe	80
PID 1048 wrote to memory of 588	1048	16x.bin.exe	80
PID 1048 wrote to memory of 588	1048	16x.bin.exe	80
PID 1048 wrote to memory of 436	1048	16x.bin.exe	81
PID 1048 wrote to memory of 436	1048	16x.bin.exe	81
PID 1048 wrote to memory of 436	1048	16x.bin.exe	81
PID 1048 wrote to memory of 436	1048	16x.bin.exe	81
PID 1048 wrote to memory of 1504	1048	16x.bin.exe	82
PID 1048 wrote to memory of 1504	1048	16x.bin.exe	82
PID 1048 wrote to memory of 1504	1048	16x.bin.exe	82
PID 1048 wrote to memory of 1504	1048	16x.bin.exe	82
PID 1048 wrote to memory of 1600	1048	16x.bin.exe	83
PID 1048 wrote to memory of 1600	1048	16x.bin.exe	83
PID 1048 wrote to memory of 1600	1048	16x.bin.exe	83
PID 1048 wrote to memory of 1600	1048	16x.bin.exe	83
PID 1048 wrote to memory of 1032	1048	16x.bin.exe	84
PID 1048 wrote to memory of 1032	1048	16x.bin.exe	84
PID 1048 wrote to memory of 1032	1048	16x.bin.exe	84
PID 1048 wrote to memory of 1032	1048	16x.bin.exe	84
PID 1048 wrote to memory of 1744	1048	16x.bin.exe	85
PID 1048 wrote to memory of 1744	1048	16x.bin.exe	85
PID 1048 wrote to memory of 1744	1048	16x.bin.exe	85
PID 1048 wrote to memory of 1744	1048	16x.bin.exe	85
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	86
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	86
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	86
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	86
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	87
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	87
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	87
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	87
PID 1048 wrote to memory of 960	1048	16x.bin.exe	88
PID 1048 wrote to memory of 960	1048	16x.bin.exe	88
PID 1048 wrote to memory of 960	1048	16x.bin.exe	88
PID 1048 wrote to memory of 960	1048	16x.bin.exe	88
PID 1048 wrote to memory of 896	1048	16x.bin.exe	89
PID 1048 wrote to memory of 896	1048	16x.bin.exe	89
PID 1048 wrote to memory of 896	1048	16x.bin.exe	89
PID 1048 wrote to memory of 896	1048	16x.bin.exe	89
PID 1048 wrote to memory of 952	1048	16x.bin.exe	90
PID 1048 wrote to memory of 952	1048	16x.bin.exe	90
PID 1048 wrote to memory of 952	1048	16x.bin.exe	90
PID 1048 wrote to memory of 952	1048	16x.bin.exe	90
PID 1048 wrote to memory of 736	1048	16x.bin.exe	91
PID 1048 wrote to memory of 736	1048	16x.bin.exe	91
PID 1048 wrote to memory of 736	1048	16x.bin.exe	91
PID 1048 wrote to memory of 736	1048	16x.bin.exe	91
PID 1048 wrote to memory of 404	1048	16x.bin.exe	92
PID 1048 wrote to memory of 404	1048	16x.bin.exe	92
PID 1048 wrote to memory of 404	1048	16x.bin.exe	92
PID 1048 wrote to memory of 404	1048	16x.bin.exe	92
PID 1048 wrote to memory of 932	1048	16x.bin.exe	93
PID 1048 wrote to memory of 932	1048	16x.bin.exe	93
PID 1048 wrote to memory of 932	1048	16x.bin.exe	93
PID 1048 wrote to memory of 932	1048	16x.bin.exe	93
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	94
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	94
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	94
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	94
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	95
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	95
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	95
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	95
PID 1048 wrote to memory of 908	1048	16x.bin.exe	96
PID 1048 wrote to memory of 908	1048	16x.bin.exe	96
PID 1048 wrote to memory of 908	1048	16x.bin.exe	96
PID 1048 wrote to memory of 908	1048	16x.bin.exe	96
PID 1048 wrote to memory of 856	1048	16x.bin.exe	97
PID 1048 wrote to memory of 856	1048	16x.bin.exe	97
PID 1048 wrote to memory of 856	1048	16x.bin.exe	97
PID 1048 wrote to memory of 856	1048	16x.bin.exe	97
PID 1048 wrote to memory of 520	1048	16x.bin.exe	98
PID 1048 wrote to memory of 520	1048	16x.bin.exe	98
PID 1048 wrote to memory of 520	1048	16x.bin.exe	98
PID 1048 wrote to memory of 520	1048	16x.bin.exe	98
PID 1048 wrote to memory of 924	1048	16x.bin.exe	99
PID 1048 wrote to memory of 924	1048	16x.bin.exe	99
PID 1048 wrote to memory of 924	1048	16x.bin.exe	99
PID 1048 wrote to memory of 924	1048	16x.bin.exe	99
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	100
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	100
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	100
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	100
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	101
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	101
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	101
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	101
PID 1048 wrote to memory of 1072	1048	16x.bin.exe	102
PID 1048 wrote to memory of 1072	1048	16x.bin.exe	102
PID 1048 wrote to memory of 1072	1048	16x.bin.exe	102
PID 1048 wrote to memory of 1072	1048	16x.bin.exe	102
PID 1048 wrote to memory of 652	1048	16x.bin.exe	103
PID 1048 wrote to memory of 652	1048	16x.bin.exe	103
PID 1048 wrote to memory of 652	1048	16x.bin.exe	103
PID 1048 wrote to memory of 652	1048	16x.bin.exe	103
PID 1048 wrote to memory of 820	1048	16x.bin.exe	104
PID 1048 wrote to memory of 820	1048	16x.bin.exe	104
PID 1048 wrote to memory of 820	1048	16x.bin.exe	104
PID 1048 wrote to memory of 820	1048	16x.bin.exe	104
PID 1048 wrote to memory of 756	1048	16x.bin.exe	105
PID 1048 wrote to memory of 756	1048	16x.bin.exe	105
PID 1048 wrote to memory of 756	1048	16x.bin.exe	105
PID 1048 wrote to memory of 756	1048	16x.bin.exe	105
PID 1048 wrote to memory of 1868	1048	16x.bin.exe	106
PID 1048 wrote to memory of 1868	1048	16x.bin.exe	106
PID 1048 wrote to memory of 1868	1048	16x.bin.exe	106
PID 1048 wrote to memory of 1868	1048	16x.bin.exe	106
PID 1048 wrote to memory of 1880	1048	16x.bin.exe	107
PID 1048 wrote to memory of 1880	1048	16x.bin.exe	107
PID 1048 wrote to memory of 1880	1048	16x.bin.exe	107
PID 1048 wrote to memory of 1880	1048	16x.bin.exe	107
PID 1048 wrote to memory of 384	1048	16x.bin.exe	108
PID 1048 wrote to memory of 384	1048	16x.bin.exe	108
PID 1048 wrote to memory of 384	1048	16x.bin.exe	108
PID 1048 wrote to memory of 384	1048	16x.bin.exe	108
PID 1048 wrote to memory of 1740	1048	16x.bin.exe	109
PID 1048 wrote to memory of 1740	1048	16x.bin.exe	109
PID 1048 wrote to memory of 1740	1048	16x.bin.exe	109
PID 1048 wrote to memory of 1740	1048	16x.bin.exe	109
PID 1048 wrote to memory of 1608	1048	16x.bin.exe	110
PID 1048 wrote to memory of 1608	1048	16x.bin.exe	110
PID 1048 wrote to memory of 1608	1048	16x.bin.exe	110
PID 1048 wrote to memory of 1608	1048	16x.bin.exe	110
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	111
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	111
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	111
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	111
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	112
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	112
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	112
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	112
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	113
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	113
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	113
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	113
PID 1048 wrote to memory of 988	1048	16x.bin.exe	114
PID 1048 wrote to memory of 988	1048	16x.bin.exe	114
PID 1048 wrote to memory of 988	1048	16x.bin.exe	114
PID 1048 wrote to memory of 988	1048	16x.bin.exe	114
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	115
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	115
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	115
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	115
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	116
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	116
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	116
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	116
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	117
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	117
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	117
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	117
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	118
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	118
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	118
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	118
PID 1048 wrote to memory of 672	1048	16x.bin.exe	119
PID 1048 wrote to memory of 672	1048	16x.bin.exe	119
PID 1048 wrote to memory of 672	1048	16x.bin.exe	119
PID 1048 wrote to memory of 672	1048	16x.bin.exe	119
PID 1048 wrote to memory of 268	1048	16x.bin.exe	120
PID 1048 wrote to memory of 268	1048	16x.bin.exe	120
PID 1048 wrote to memory of 268	1048	16x.bin.exe	120
PID 1048 wrote to memory of 268	1048	16x.bin.exe	120
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	121
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	121
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	121
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	121
PID 1048 wrote to memory of 532	1048	16x.bin.exe	122
PID 1048 wrote to memory of 532	1048	16x.bin.exe	122
PID 1048 wrote to memory of 532	1048	16x.bin.exe	122
PID 1048 wrote to memory of 532	1048	16x.bin.exe	122
PID 1048 wrote to memory of 640	1048	16x.bin.exe	123
PID 1048 wrote to memory of 640	1048	16x.bin.exe	123
PID 1048 wrote to memory of 640	1048	16x.bin.exe	123
PID 1048 wrote to memory of 640	1048	16x.bin.exe	123
PID 1048 wrote to memory of 996	1048	16x.bin.exe	124
PID 1048 wrote to memory of 996	1048	16x.bin.exe	124
PID 1048 wrote to memory of 996	1048	16x.bin.exe	124
PID 1048 wrote to memory of 996	1048	16x.bin.exe	124
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	125
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	125
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	125
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	125
PID 1048 wrote to memory of 568	1048	16x.bin.exe	126
PID 1048 wrote to memory of 568	1048	16x.bin.exe	126
PID 1048 wrote to memory of 568	1048	16x.bin.exe	126
PID 1048 wrote to memory of 568	1048	16x.bin.exe	126
PID 1048 wrote to memory of 1488	1048	16x.bin.exe	127
PID 1048 wrote to memory of 1488	1048	16x.bin.exe	127
PID 1048 wrote to memory of 1488	1048	16x.bin.exe	127
PID 1048 wrote to memory of 1488	1048	16x.bin.exe	127
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	128
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	128
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	128
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	128
PID 1048 wrote to memory of 1248	1048	16x.bin.exe	129
PID 1048 wrote to memory of 1248	1048	16x.bin.exe	129
PID 1048 wrote to memory of 1248	1048	16x.bin.exe	129
PID 1048 wrote to memory of 1248	1048	16x.bin.exe	129
PID 1048 wrote to memory of 588	1048	16x.bin.exe	130
PID 1048 wrote to memory of 588	1048	16x.bin.exe	130
PID 1048 wrote to memory of 588	1048	16x.bin.exe	130
PID 1048 wrote to memory of 588	1048	16x.bin.exe	130
PID 1048 wrote to memory of 436	1048	16x.bin.exe	131
PID 1048 wrote to memory of 436	1048	16x.bin.exe	131
PID 1048 wrote to memory of 436	1048	16x.bin.exe	131
PID 1048 wrote to memory of 436	1048	16x.bin.exe	131
PID 1048 wrote to memory of 1504	1048	16x.bin.exe	132
PID 1048 wrote to memory of 1504	1048	16x.bin.exe	132
PID 1048 wrote to memory of 1504	1048	16x.bin.exe	132
PID 1048 wrote to memory of 1504	1048	16x.bin.exe	132
PID 1048 wrote to memory of 1600	1048	16x.bin.exe	133
PID 1048 wrote to memory of 1600	1048	16x.bin.exe	133
PID 1048 wrote to memory of 1600	1048	16x.bin.exe	133
PID 1048 wrote to memory of 1600	1048	16x.bin.exe	133
PID 1048 wrote to memory of 1032	1048	16x.bin.exe	134
PID 1048 wrote to memory of 1032	1048	16x.bin.exe	134
PID 1048 wrote to memory of 1032	1048	16x.bin.exe	134
PID 1048 wrote to memory of 1032	1048	16x.bin.exe	134
PID 1048 wrote to memory of 1744	1048	16x.bin.exe	135
PID 1048 wrote to memory of 1744	1048	16x.bin.exe	135
PID 1048 wrote to memory of 1744	1048	16x.bin.exe	135
PID 1048 wrote to memory of 1744	1048	16x.bin.exe	135
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	136
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	136
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	136
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	136
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	137
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	137
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	137
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	137
PID 1048 wrote to memory of 960	1048	16x.bin.exe	138
PID 1048 wrote to memory of 960	1048	16x.bin.exe	138
PID 1048 wrote to memory of 960	1048	16x.bin.exe	138
PID 1048 wrote to memory of 960	1048	16x.bin.exe	138
PID 1048 wrote to memory of 896	1048	16x.bin.exe	139
PID 1048 wrote to memory of 896	1048	16x.bin.exe	139
PID 1048 wrote to memory of 896	1048	16x.bin.exe	139
PID 1048 wrote to memory of 896	1048	16x.bin.exe	139
PID 1048 wrote to memory of 952	1048	16x.bin.exe	140
PID 1048 wrote to memory of 952	1048	16x.bin.exe	140
PID 1048 wrote to memory of 952	1048	16x.bin.exe	140
PID 1048 wrote to memory of 952	1048	16x.bin.exe	140
PID 1048 wrote to memory of 736	1048	16x.bin.exe	141
PID 1048 wrote to memory of 736	1048	16x.bin.exe	141
PID 1048 wrote to memory of 736	1048	16x.bin.exe	141
PID 1048 wrote to memory of 736	1048	16x.bin.exe	141
PID 1048 wrote to memory of 404	1048	16x.bin.exe	142
PID 1048 wrote to memory of 404	1048	16x.bin.exe	142
PID 1048 wrote to memory of 404	1048	16x.bin.exe	142
PID 1048 wrote to memory of 404	1048	16x.bin.exe	142
PID 1048 wrote to memory of 932	1048	16x.bin.exe	143
PID 1048 wrote to memory of 932	1048	16x.bin.exe	143
PID 1048 wrote to memory of 932	1048	16x.bin.exe	143
PID 1048 wrote to memory of 932	1048	16x.bin.exe	143
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	144
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	144
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	144
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	144
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	145
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	145
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	145
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	145
PID 1048 wrote to memory of 908	1048	16x.bin.exe	146
PID 1048 wrote to memory of 908	1048	16x.bin.exe	146
PID 1048 wrote to memory of 908	1048	16x.bin.exe	146
PID 1048 wrote to memory of 908	1048	16x.bin.exe	146
PID 1048 wrote to memory of 856	1048	16x.bin.exe	147
PID 1048 wrote to memory of 856	1048	16x.bin.exe	147
PID 1048 wrote to memory of 856	1048	16x.bin.exe	147
PID 1048 wrote to memory of 856	1048	16x.bin.exe	147
PID 1048 wrote to memory of 520	1048	16x.bin.exe	148
PID 1048 wrote to memory of 520	1048	16x.bin.exe	148
PID 1048 wrote to memory of 520	1048	16x.bin.exe	148
PID 1048 wrote to memory of 520	1048	16x.bin.exe	148
PID 1048 wrote to memory of 924	1048	16x.bin.exe	149
PID 1048 wrote to memory of 924	1048	16x.bin.exe	149
PID 1048 wrote to memory of 924	1048	16x.bin.exe	149
PID 1048 wrote to memory of 924	1048	16x.bin.exe	149
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	150
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	150
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	150
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	150
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	151
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	151
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	151
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	151
PID 1048 wrote to memory of 1072	1048	16x.bin.exe	152
PID 1048 wrote to memory of 1072	1048	16x.bin.exe	152
PID 1048 wrote to memory of 1072	1048	16x.bin.exe	152
PID 1048 wrote to memory of 1072	1048	16x.bin.exe	152
PID 1048 wrote to memory of 652	1048	16x.bin.exe	153
PID 1048 wrote to memory of 652	1048	16x.bin.exe	153
PID 1048 wrote to memory of 652	1048	16x.bin.exe	153
PID 1048 wrote to memory of 652	1048	16x.bin.exe	153
PID 1048 wrote to memory of 820	1048	16x.bin.exe	154
PID 1048 wrote to memory of 820	1048	16x.bin.exe	154
PID 1048 wrote to memory of 820	1048	16x.bin.exe	154
PID 1048 wrote to memory of 820	1048	16x.bin.exe	154
PID 1048 wrote to memory of 756	1048	16x.bin.exe	155
PID 1048 wrote to memory of 756	1048	16x.bin.exe	155
PID 1048 wrote to memory of 756	1048	16x.bin.exe	155
PID 1048 wrote to memory of 756	1048	16x.bin.exe	155
PID 1048 wrote to memory of 1868	1048	16x.bin.exe	156
PID 1048 wrote to memory of 1868	1048	16x.bin.exe	156
PID 1048 wrote to memory of 1868	1048	16x.bin.exe	156
PID 1048 wrote to memory of 1868	1048	16x.bin.exe	156
PID 1048 wrote to memory of 1880	1048	16x.bin.exe	157
PID 1048 wrote to memory of 1880	1048	16x.bin.exe	157
PID 1048 wrote to memory of 1880	1048	16x.bin.exe	157
PID 1048 wrote to memory of 1880	1048	16x.bin.exe	157
PID 1048 wrote to memory of 384	1048	16x.bin.exe	158
PID 1048 wrote to memory of 384	1048	16x.bin.exe	158
PID 1048 wrote to memory of 384	1048	16x.bin.exe	158
PID 1048 wrote to memory of 384	1048	16x.bin.exe	158
PID 1048 wrote to memory of 1740	1048	16x.bin.exe	159
PID 1048 wrote to memory of 1740	1048	16x.bin.exe	159
PID 1048 wrote to memory of 1740	1048	16x.bin.exe	159
PID 1048 wrote to memory of 1740	1048	16x.bin.exe	159
PID 1048 wrote to memory of 1608	1048	16x.bin.exe	160
PID 1048 wrote to memory of 1608	1048	16x.bin.exe	160
PID 1048 wrote to memory of 1608	1048	16x.bin.exe	160
PID 1048 wrote to memory of 1608	1048	16x.bin.exe	160
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	161
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	161
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	161
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	161
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	162
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	162
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	162
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	162
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	163
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	163
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	163
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	163
PID 1048 wrote to memory of 988	1048	16x.bin.exe	164
PID 1048 wrote to memory of 988	1048	16x.bin.exe	164
PID 1048 wrote to memory of 988	1048	16x.bin.exe	164
PID 1048 wrote to memory of 988	1048	16x.bin.exe	164
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	165
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	165
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	165
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	165
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	166
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	166
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	166
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	166
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	167
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	167
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	167
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	167
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	168
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	168
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	168
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	168
PID 1048 wrote to memory of 672	1048	16x.bin.exe	169
PID 1048 wrote to memory of 672	1048	16x.bin.exe	169
PID 1048 wrote to memory of 672	1048	16x.bin.exe	169
PID 1048 wrote to memory of 672	1048	16x.bin.exe	169
PID 1048 wrote to memory of 268	1048	16x.bin.exe	170
PID 1048 wrote to memory of 268	1048	16x.bin.exe	170
PID 1048 wrote to memory of 268	1048	16x.bin.exe	170
PID 1048 wrote to memory of 268	1048	16x.bin.exe	170
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	171
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	171
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	171
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	171
PID 1048 wrote to memory of 532	1048	16x.bin.exe	172
PID 1048 wrote to memory of 532	1048	16x.bin.exe	172
PID 1048 wrote to memory of 532	1048	16x.bin.exe	172
PID 1048 wrote to memory of 532	1048	16x.bin.exe	172
PID 1048 wrote to memory of 640	1048	16x.bin.exe	173
PID 1048 wrote to memory of 640	1048	16x.bin.exe	173
PID 1048 wrote to memory of 640	1048	16x.bin.exe	173
PID 1048 wrote to memory of 640	1048	16x.bin.exe	173
PID 1048 wrote to memory of 996	1048	16x.bin.exe	174
PID 1048 wrote to memory of 996	1048	16x.bin.exe	174
PID 1048 wrote to memory of 996	1048	16x.bin.exe	174
PID 1048 wrote to memory of 996	1048	16x.bin.exe	174
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	175
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	175
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	175
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	175
PID 1048 wrote to memory of 568	1048	16x.bin.exe	176
PID 1048 wrote to memory of 568	1048	16x.bin.exe	176
PID 1048 wrote to memory of 568	1048	16x.bin.exe	176
PID 1048 wrote to memory of 568	1048	16x.bin.exe	176
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	177
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	177
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	177
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	177
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	178
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	178
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	178
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	178
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	179
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	179
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	179
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	179
PID 1048 wrote to memory of 756	1048	16x.bin.exe	180
PID 1048 wrote to memory of 756	1048	16x.bin.exe	180
PID 1048 wrote to memory of 756	1048	16x.bin.exe	180
PID 1048 wrote to memory of 756	1048	16x.bin.exe	180
PID 1048 wrote to memory of 1868	1048	16x.bin.exe	181
PID 1048 wrote to memory of 1868	1048	16x.bin.exe	181
PID 1048 wrote to memory of 1868	1048	16x.bin.exe	181
PID 1048 wrote to memory of 1868	1048	16x.bin.exe	181
PID 1048 wrote to memory of 1880	1048	16x.bin.exe	182
PID 1048 wrote to memory of 1880	1048	16x.bin.exe	182
PID 1048 wrote to memory of 1880	1048	16x.bin.exe	182
PID 1048 wrote to memory of 1880	1048	16x.bin.exe	182
PID 1048 wrote to memory of 384	1048	16x.bin.exe	183
PID 1048 wrote to memory of 384	1048	16x.bin.exe	183
PID 1048 wrote to memory of 384	1048	16x.bin.exe	183
PID 1048 wrote to memory of 384	1048	16x.bin.exe	183
PID 1048 wrote to memory of 1740	1048	16x.bin.exe	184
PID 1048 wrote to memory of 1740	1048	16x.bin.exe	184
PID 1048 wrote to memory of 1740	1048	16x.bin.exe	184
PID 1048 wrote to memory of 1740	1048	16x.bin.exe	184
PID 1048 wrote to memory of 1608	1048	16x.bin.exe	185
PID 1048 wrote to memory of 1608	1048	16x.bin.exe	185
PID 1048 wrote to memory of 1608	1048	16x.bin.exe	185
PID 1048 wrote to memory of 1608	1048	16x.bin.exe	185
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	186
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	186
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	186
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	186
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	187
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	187
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	187
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	187
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	188
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	188
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	188
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	188
PID 1048 wrote to memory of 988	1048	16x.bin.exe	189
PID 1048 wrote to memory of 988	1048	16x.bin.exe	189
PID 1048 wrote to memory of 988	1048	16x.bin.exe	189
PID 1048 wrote to memory of 988	1048	16x.bin.exe	189
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	190
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	190
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	190
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	190
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	191
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	191
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	191
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	191
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	192
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	192
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	192
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	192
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	193
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	193
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	193
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	193
PID 1048 wrote to memory of 672	1048	16x.bin.exe	194
PID 1048 wrote to memory of 672	1048	16x.bin.exe	194
PID 1048 wrote to memory of 672	1048	16x.bin.exe	194
PID 1048 wrote to memory of 672	1048	16x.bin.exe	194
PID 1048 wrote to memory of 268	1048	16x.bin.exe	195
PID 1048 wrote to memory of 268	1048	16x.bin.exe	195
PID 1048 wrote to memory of 268	1048	16x.bin.exe	195
PID 1048 wrote to memory of 268	1048	16x.bin.exe	195
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	196
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	196
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	196
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	196
PID 1048 wrote to memory of 532	1048	16x.bin.exe	197
PID 1048 wrote to memory of 532	1048	16x.bin.exe	197
PID 1048 wrote to memory of 532	1048	16x.bin.exe	197
PID 1048 wrote to memory of 532	1048	16x.bin.exe	197
PID 1048 wrote to memory of 640	1048	16x.bin.exe	198
PID 1048 wrote to memory of 640	1048	16x.bin.exe	198
PID 1048 wrote to memory of 640	1048	16x.bin.exe	198
PID 1048 wrote to memory of 640	1048	16x.bin.exe	198
PID 1048 wrote to memory of 996	1048	16x.bin.exe	199
PID 1048 wrote to memory of 996	1048	16x.bin.exe	199
PID 1048 wrote to memory of 996	1048	16x.bin.exe	199
PID 1048 wrote to memory of 996	1048	16x.bin.exe	199
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	200
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	200
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	200
PID 1048 wrote to memory of 1988	1048	16x.bin.exe	200
PID 1048 wrote to memory of 568	1048	16x.bin.exe	201
PID 1048 wrote to memory of 568	1048	16x.bin.exe	201
PID 1048 wrote to memory of 568	1048	16x.bin.exe	201
PID 1048 wrote to memory of 568	1048	16x.bin.exe	201
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	202
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	202
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	202
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	202
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	203
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	203
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	203
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	203
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	204
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	204
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	204
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	204
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	205
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	205
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	205
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	205
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	206
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	206
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	206
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	206
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	207
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	207
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	207
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	207
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	208
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	208
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	208
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	208
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	209
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	209
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	209
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	209
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	210
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	210
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	210
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	210
PID 1048 wrote to memory of 960	1048	16x.bin.exe	211
PID 1048 wrote to memory of 960	1048	16x.bin.exe	211
PID 1048 wrote to memory of 960	1048	16x.bin.exe	211
PID 1048 wrote to memory of 960	1048	16x.bin.exe	211
PID 1048 wrote to memory of 896	1048	16x.bin.exe	212
PID 1048 wrote to memory of 896	1048	16x.bin.exe	212
PID 1048 wrote to memory of 896	1048	16x.bin.exe	212
PID 1048 wrote to memory of 896	1048	16x.bin.exe	212
PID 1048 wrote to memory of 952	1048	16x.bin.exe	213
PID 1048 wrote to memory of 952	1048	16x.bin.exe	213
PID 1048 wrote to memory of 952	1048	16x.bin.exe	213
PID 1048 wrote to memory of 952	1048	16x.bin.exe	213
PID 1048 wrote to memory of 736	1048	16x.bin.exe	214
PID 1048 wrote to memory of 736	1048	16x.bin.exe	214
PID 1048 wrote to memory of 736	1048	16x.bin.exe	214
PID 1048 wrote to memory of 736	1048	16x.bin.exe	214
PID 1048 wrote to memory of 404	1048	16x.bin.exe	215
PID 1048 wrote to memory of 404	1048	16x.bin.exe	215
PID 1048 wrote to memory of 404	1048	16x.bin.exe	215
PID 1048 wrote to memory of 404	1048	16x.bin.exe	215
PID 1048 wrote to memory of 932	1048	16x.bin.exe	216
PID 1048 wrote to memory of 932	1048	16x.bin.exe	216
PID 1048 wrote to memory of 932	1048	16x.bin.exe	216
PID 1048 wrote to memory of 932	1048	16x.bin.exe	216
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	217
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	217
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	217
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	217
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	218
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	218
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	218
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	218
PID 1048 wrote to memory of 908	1048	16x.bin.exe	219
PID 1048 wrote to memory of 908	1048	16x.bin.exe	219
PID 1048 wrote to memory of 908	1048	16x.bin.exe	219
PID 1048 wrote to memory of 908	1048	16x.bin.exe	219
PID 1048 wrote to memory of 856	1048	16x.bin.exe	220
PID 1048 wrote to memory of 856	1048	16x.bin.exe	220
PID 1048 wrote to memory of 856	1048	16x.bin.exe	220
PID 1048 wrote to memory of 856	1048	16x.bin.exe	220
PID 1048 wrote to memory of 520	1048	16x.bin.exe	221
PID 1048 wrote to memory of 520	1048	16x.bin.exe	221
PID 1048 wrote to memory of 520	1048	16x.bin.exe	221
PID 1048 wrote to memory of 520	1048	16x.bin.exe	221
PID 1048 wrote to memory of 924	1048	16x.bin.exe	222
PID 1048 wrote to memory of 924	1048	16x.bin.exe	222
PID 1048 wrote to memory of 924	1048	16x.bin.exe	222
PID 1048 wrote to memory of 924	1048	16x.bin.exe	222
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	223
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	223
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	223
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	223
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	224
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	224
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	224
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	224
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	225
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	225
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	225
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	225
PID 1048 wrote to memory of 616	1048	16x.bin.exe	226
PID 1048 wrote to memory of 616	1048	16x.bin.exe	226
PID 1048 wrote to memory of 616	1048	16x.bin.exe	226
PID 1048 wrote to memory of 616	1048	16x.bin.exe	226
PID 1048 wrote to memory of 748	1048	16x.bin.exe	227
PID 1048 wrote to memory of 748	1048	16x.bin.exe	227
PID 1048 wrote to memory of 748	1048	16x.bin.exe	227
PID 1048 wrote to memory of 748	1048	16x.bin.exe	227
PID 1048 wrote to memory of 940	1048	16x.bin.exe	228
PID 1048 wrote to memory of 940	1048	16x.bin.exe	228
PID 1048 wrote to memory of 940	1048	16x.bin.exe	228
PID 1048 wrote to memory of 940	1048	16x.bin.exe	228
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	229
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	229
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	229
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	229
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	230
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	230
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	230
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	230
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	231
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	231
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	231
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	231
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	232
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	232
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	232
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	232
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	233
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	233
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	233
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	233
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	234
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	234
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	234
PID 1048 wrote to memory of 1540	1048	16x.bin.exe	234
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	235
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	235
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	235
PID 1048 wrote to memory of 1844	1048	16x.bin.exe	235
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	236
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	236
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	236
PID 1048 wrote to memory of 1620	1048	16x.bin.exe	236
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	237
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	237
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	237
PID 1048 wrote to memory of 2004	1048	16x.bin.exe	237
PID 1048 wrote to memory of 960	1048	16x.bin.exe	238
PID 1048 wrote to memory of 960	1048	16x.bin.exe	238
PID 1048 wrote to memory of 960	1048	16x.bin.exe	238
PID 1048 wrote to memory of 960	1048	16x.bin.exe	238
PID 1048 wrote to memory of 896	1048	16x.bin.exe	239
PID 1048 wrote to memory of 896	1048	16x.bin.exe	239
PID 1048 wrote to memory of 896	1048	16x.bin.exe	239
PID 1048 wrote to memory of 896	1048	16x.bin.exe	239
PID 1048 wrote to memory of 952	1048	16x.bin.exe	240
PID 1048 wrote to memory of 952	1048	16x.bin.exe	240
PID 1048 wrote to memory of 952	1048	16x.bin.exe	240
PID 1048 wrote to memory of 952	1048	16x.bin.exe	240
PID 1048 wrote to memory of 736	1048	16x.bin.exe	241
PID 1048 wrote to memory of 736	1048	16x.bin.exe	241
PID 1048 wrote to memory of 736	1048	16x.bin.exe	241
PID 1048 wrote to memory of 736	1048	16x.bin.exe	241
PID 1048 wrote to memory of 404	1048	16x.bin.exe	242
PID 1048 wrote to memory of 404	1048	16x.bin.exe	242
PID 1048 wrote to memory of 404	1048	16x.bin.exe	242
PID 1048 wrote to memory of 404	1048	16x.bin.exe	242
PID 1048 wrote to memory of 932	1048	16x.bin.exe	243
PID 1048 wrote to memory of 932	1048	16x.bin.exe	243
PID 1048 wrote to memory of 932	1048	16x.bin.exe	243
PID 1048 wrote to memory of 932	1048	16x.bin.exe	243
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	244
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	244
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	244
PID 1048 wrote to memory of 1484	1048	16x.bin.exe	244
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	245
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	245
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	245
PID 1048 wrote to memory of 1264	1048	16x.bin.exe	245
PID 1048 wrote to memory of 908	1048	16x.bin.exe	246
PID 1048 wrote to memory of 908	1048	16x.bin.exe	246
PID 1048 wrote to memory of 908	1048	16x.bin.exe	246
PID 1048 wrote to memory of 908	1048	16x.bin.exe	246
PID 1048 wrote to memory of 856	1048	16x.bin.exe	247
PID 1048 wrote to memory of 856	1048	16x.bin.exe	247
PID 1048 wrote to memory of 856	1048	16x.bin.exe	247
PID 1048 wrote to memory of 856	1048	16x.bin.exe	247
PID 1048 wrote to memory of 520	1048	16x.bin.exe	248
PID 1048 wrote to memory of 520	1048	16x.bin.exe	248
PID 1048 wrote to memory of 520	1048	16x.bin.exe	248
PID 1048 wrote to memory of 520	1048	16x.bin.exe	248
PID 1048 wrote to memory of 924	1048	16x.bin.exe	249
PID 1048 wrote to memory of 924	1048	16x.bin.exe	249
PID 1048 wrote to memory of 924	1048	16x.bin.exe	249
PID 1048 wrote to memory of 924	1048	16x.bin.exe	249
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	250
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	250
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	250
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	250
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	251
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	251
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	251
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	251
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	252
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	252
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	252
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	252
PID 1048 wrote to memory of 616	1048	16x.bin.exe	253
PID 1048 wrote to memory of 616	1048	16x.bin.exe	253
PID 1048 wrote to memory of 616	1048	16x.bin.exe	253
PID 1048 wrote to memory of 616	1048	16x.bin.exe	253
PID 1048 wrote to memory of 748	1048	16x.bin.exe	254
PID 1048 wrote to memory of 748	1048	16x.bin.exe	254
PID 1048 wrote to memory of 748	1048	16x.bin.exe	254
PID 1048 wrote to memory of 748	1048	16x.bin.exe	254
PID 1048 wrote to memory of 940	1048	16x.bin.exe	255
PID 1048 wrote to memory of 940	1048	16x.bin.exe	255
PID 1048 wrote to memory of 940	1048	16x.bin.exe	255
PID 1048 wrote to memory of 940	1048	16x.bin.exe	255
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	256
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	256
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	256
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	256
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	257
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	257
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	257
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	257
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	258
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	258
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	258
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	258
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	259
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	259
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	259
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	259
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	260
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	260
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	260
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	260
PID 1048 wrote to memory of 1940	1048	16x.bin.exe	261
PID 1048 wrote to memory of 1940	1048	16x.bin.exe	261
PID 1048 wrote to memory of 1940	1048	16x.bin.exe	261
PID 1048 wrote to memory of 1940	1048	16x.bin.exe	261
PID 1048 wrote to memory of 1356	1048	16x.bin.exe	262
PID 1048 wrote to memory of 1356	1048	16x.bin.exe	262
PID 1048 wrote to memory of 1356	1048	16x.bin.exe	262
PID 1048 wrote to memory of 1356	1048	16x.bin.exe	262
PID 1048 wrote to memory of 572	1048	16x.bin.exe	263
PID 1048 wrote to memory of 572	1048	16x.bin.exe	263
PID 1048 wrote to memory of 572	1048	16x.bin.exe	263
PID 1048 wrote to memory of 572	1048	16x.bin.exe	263
PID 1048 wrote to memory of 1328	1048	16x.bin.exe	264
PID 1048 wrote to memory of 1328	1048	16x.bin.exe	264
PID 1048 wrote to memory of 1328	1048	16x.bin.exe	264
PID 1048 wrote to memory of 1328	1048	16x.bin.exe	264
PID 1048 wrote to memory of 1376	1048	16x.bin.exe	265
PID 1048 wrote to memory of 1376	1048	16x.bin.exe	265
PID 1048 wrote to memory of 1376	1048	16x.bin.exe	265
PID 1048 wrote to memory of 1376	1048	16x.bin.exe	265
PID 1048 wrote to memory of 1384	1048	16x.bin.exe	266
PID 1048 wrote to memory of 1384	1048	16x.bin.exe	266
PID 1048 wrote to memory of 1384	1048	16x.bin.exe	266
PID 1048 wrote to memory of 1384	1048	16x.bin.exe	266
PID 1048 wrote to memory of 1676	1048	16x.bin.exe	267
PID 1048 wrote to memory of 1676	1048	16x.bin.exe	267
PID 1048 wrote to memory of 1676	1048	16x.bin.exe	267
PID 1048 wrote to memory of 1676	1048	16x.bin.exe	267
PID 1048 wrote to memory of 1104	1048	16x.bin.exe	268
PID 1048 wrote to memory of 1104	1048	16x.bin.exe	268
PID 1048 wrote to memory of 1104	1048	16x.bin.exe	268
PID 1048 wrote to memory of 1104	1048	16x.bin.exe	268
PID 1048 wrote to memory of 936	1048	16x.bin.exe	269
PID 1048 wrote to memory of 936	1048	16x.bin.exe	269
PID 1048 wrote to memory of 936	1048	16x.bin.exe	269
PID 1048 wrote to memory of 936	1048	16x.bin.exe	269
PID 1048 wrote to memory of 824	1048	16x.bin.exe	270
PID 1048 wrote to memory of 824	1048	16x.bin.exe	270
PID 1048 wrote to memory of 824	1048	16x.bin.exe	270
PID 1048 wrote to memory of 824	1048	16x.bin.exe	270
PID 1048 wrote to memory of 976	1048	16x.bin.exe	271
PID 1048 wrote to memory of 976	1048	16x.bin.exe	271
PID 1048 wrote to memory of 976	1048	16x.bin.exe	271
PID 1048 wrote to memory of 976	1048	16x.bin.exe	271
PID 1048 wrote to memory of 912	1048	16x.bin.exe	272
PID 1048 wrote to memory of 912	1048	16x.bin.exe	272
PID 1048 wrote to memory of 912	1048	16x.bin.exe	272
PID 1048 wrote to memory of 912	1048	16x.bin.exe	272
PID 1048 wrote to memory of 1636	1048	16x.bin.exe	273
PID 1048 wrote to memory of 1636	1048	16x.bin.exe	273
PID 1048 wrote to memory of 1636	1048	16x.bin.exe	273
PID 1048 wrote to memory of 1636	1048	16x.bin.exe	273
PID 1048 wrote to memory of 520	1048	16x.bin.exe	274
PID 1048 wrote to memory of 520	1048	16x.bin.exe	274
PID 1048 wrote to memory of 520	1048	16x.bin.exe	274
PID 1048 wrote to memory of 520	1048	16x.bin.exe	274
PID 1048 wrote to memory of 924	1048	16x.bin.exe	275
PID 1048 wrote to memory of 924	1048	16x.bin.exe	275
PID 1048 wrote to memory of 924	1048	16x.bin.exe	275
PID 1048 wrote to memory of 924	1048	16x.bin.exe	275
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	276
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	276
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	276
PID 1048 wrote to memory of 1672	1048	16x.bin.exe	276
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	277
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	277
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	277
PID 1048 wrote to memory of 1932	1048	16x.bin.exe	277
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	278
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	278
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	278
PID 1048 wrote to memory of 1832	1048	16x.bin.exe	278
PID 1048 wrote to memory of 616	1048	16x.bin.exe	279
PID 1048 wrote to memory of 616	1048	16x.bin.exe	279
PID 1048 wrote to memory of 616	1048	16x.bin.exe	279
PID 1048 wrote to memory of 616	1048	16x.bin.exe	279
PID 1048 wrote to memory of 748	1048	16x.bin.exe	280
PID 1048 wrote to memory of 748	1048	16x.bin.exe	280
PID 1048 wrote to memory of 748	1048	16x.bin.exe	280
PID 1048 wrote to memory of 748	1048	16x.bin.exe	280
PID 1048 wrote to memory of 940	1048	16x.bin.exe	281
PID 1048 wrote to memory of 940	1048	16x.bin.exe	281
PID 1048 wrote to memory of 940	1048	16x.bin.exe	281
PID 1048 wrote to memory of 940	1048	16x.bin.exe	281
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	282
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	282
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	282
PID 1048 wrote to memory of 1288	1048	16x.bin.exe	282
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	283
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	283
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	283
PID 1048 wrote to memory of 2008	1048	16x.bin.exe	283
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	284
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	284
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	284
PID 1048 wrote to memory of 1604	1048	16x.bin.exe	284
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	285
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	285
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	285
PID 1048 wrote to memory of 1824	1048	16x.bin.exe	285
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	286
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	286
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	286
PID 1048 wrote to memory of 1340	1048	16x.bin.exe	286
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	287
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	287
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	287
PID 1048 wrote to memory of 1992	1048	16x.bin.exe	287
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	288
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	288
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	288
PID 1048 wrote to memory of 1548	1048	16x.bin.exe	288
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	289
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	289
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	289
PID 1048 wrote to memory of 1400	1048	16x.bin.exe	289
PID 1048 wrote to memory of 988	1048	16x.bin.exe	290
PID 1048 wrote to memory of 988	1048	16x.bin.exe	290
PID 1048 wrote to memory of 988	1048	16x.bin.exe	290
PID 1048 wrote to memory of 988	1048	16x.bin.exe	290
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	291
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	291
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	291
PID 1048 wrote to memory of 1564	1048	16x.bin.exe	291
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	292
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	292
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	292
PID 1048 wrote to memory of 1584	1048	16x.bin.exe	292
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	293
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	293
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	293
PID 1048 wrote to memory of 1632	1048	16x.bin.exe	293
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	294
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	294
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	294
PID 1048 wrote to memory of 1392	1048	16x.bin.exe	294
PID 1048 wrote to memory of 672	1048	16x.bin.exe	295
PID 1048 wrote to memory of 672	1048	16x.bin.exe	295
PID 1048 wrote to memory of 672	1048	16x.bin.exe	295
PID 1048 wrote to memory of 672	1048	16x.bin.exe	295
PID 1048 wrote to memory of 268	1048	16x.bin.exe	296
PID 1048 wrote to memory of 268	1048	16x.bin.exe	296
PID 1048 wrote to memory of 268	1048	16x.bin.exe	296
PID 1048 wrote to memory of 268	1048	16x.bin.exe	296
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	297
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	297
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	297
PID 1048 wrote to memory of 1092	1048	16x.bin.exe	297
PID 1048 wrote to memory of 532	1048	16x.bin.exe	298
PID 1048 wrote to memory of 532	1048	16x.bin.exe	298
PID 1048 wrote to memory of 532	1048	16x.bin.exe	298
PID 1048 wrote to memory of 532	1048	16x.bin.exe	298
PID 1048 wrote to memory of 640	1048	16x.bin.exe	299
PID 1048 wrote to memory of 640	1048	16x.bin.exe	299
PID 1048 wrote to memory of 640	1048	16x.bin.exe	299
PID 1048 wrote to memory of 640	1048	16x.bin.exe	299
PID 1048 wrote to memory of 1476	1048	16x.bin.exe	300
PID 1048 wrote to memory of 1476	1048	16x.bin.exe	300
PID 1048 wrote to memory of 1476	1048	16x.bin.exe	300
PID 1048 wrote to memory of 1476	1048	16x.bin.exe	300
PID 1048 wrote to memory of 1072	1048	16x.bin.exe	301
PID 1048 wrote to memory of 1072	1048	16x.bin.exe	301
PID 1048 wrote to memory of 1072	1048	16x.bin.exe	301
PID 1048 wrote to memory of 1072	1048	16x.bin.exe	301
PID 1048 wrote to memory of 956	1048	16x.bin.exe	302
PID 1048 wrote to memory of 956	1048	16x.bin.exe	302
PID 1048 wrote to memory of 956	1048	16x.bin.exe	302
PID 1048 wrote to memory of 956	1048	16x.bin.exe	302
PID 1048 wrote to memory of 860	1048	16x.bin.exe	303
PID 1048 wrote to memory of 860	1048	16x.bin.exe	303
PID 1048 wrote to memory of 860	1048	16x.bin.exe	303
PID 1048 wrote to memory of 860	1048	16x.bin.exe	303
PID 1048 wrote to memory of 1560	1048	16x.bin.exe	304
PID 1048 wrote to memory of 1560	1048	16x.bin.exe	304
PID 1048 wrote to memory of 1560	1048	16x.bin.exe	304
PID 1048 wrote to memory of 1560	1048	16x.bin.exe	304
PID 1048 wrote to memory of 1248	1048	16x.bin.exe	305
PID 1048 wrote to memory of 1248	1048	16x.bin.exe	305
PID 1048 wrote to memory of 1248	1048	16x.bin.exe	305
PID 1048 wrote to memory of 1248	1048	16x.bin.exe	305
PID 1048 wrote to memory of 788	1048	16x.bin.exe	306
PID 1048 wrote to memory of 788	1048	16x.bin.exe	306
PID 1048 wrote to memory of 788	1048	16x.bin.exe	306
PID 1048 wrote to memory of 788	1048	16x.bin.exe	306
PID 1048 wrote to memory of 748	1048	16x.bin.exe	307
PID 1048 wrote to memory of 748	1048	16x.bin.exe	307
PID 1048 wrote to memory of 748	1048	16x.bin.exe	307
PID 1048 wrote to memory of 748	1048	16x.bin.exe	307
PID 1048 wrote to memory of 940	1048	16x.bin.exe	308
PID 1048 wrote to memory of 940	1048	16x.bin.exe	308
PID 1048 wrote to memory of 940	1048	16x.bin.exe	308
PID 1048 wrote to memory of 940	1048	16x.bin.exe	308

C:\Users\Admin\AppData\Local\Temp\16x.bin.exe
"C:\Users\Admin\AppData\Local\Temp\16x.bin.exe"
1⤵
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1636
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:664
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1476
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1488
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:588
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:756
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1340
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1844
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1292
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1940
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1400
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1564
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:936
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:976
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:912
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1636
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:664
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1476
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2008
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:964
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1820
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1340
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1844
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1292
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1940
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1356
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:572
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1328
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1376
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:268
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1092
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:532
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:640
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:996
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:568
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1488
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1832
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1248
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:588
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:436
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1504
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1600
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1032
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1744
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1620
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2004
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:960
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:952
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:736
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:404
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1484
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1264
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:908
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:856
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:520
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:924
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1672
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1072
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:652
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:820
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:756
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1868
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1880
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:384
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1740
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1608
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1400
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1564
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1584
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1632
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1392
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:672
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:268
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1092
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:532
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:640
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:996
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:568
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1488
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1832
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1248
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:588
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:436
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1504
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1600
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1032
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1744
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1620
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2004
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:960
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:952
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:736
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:404
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1484
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1264
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:908
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:856
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:520
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:924
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1672
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1072
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:652
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:820
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:756
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1868
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1880
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:384
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1740
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1608
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1400
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1564
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1584
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1632
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1392
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:672
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:268
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1092
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:532
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:640
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:996
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:568
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2008
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:756
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1868
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1880
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:384
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1740
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1608
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1400
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1564
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1584
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1632
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1392
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:672
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:268
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1092
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:532
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:640
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:996
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:568
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2008
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1340
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1844
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1620
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2004
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:960
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:952
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:736
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:404
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1484
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1264
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:908
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:856
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:520
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:924
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1672
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1832
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:616
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:940
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2008
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1340
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1844
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1620
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2004
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:960
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:952
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:736
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:404
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1484
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1264
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:908
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:856
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:520
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:924
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1672
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1832
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:616
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:940
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2008
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1340
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1940
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1356
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:572
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1328
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1376
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1384
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1676
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1104
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:936
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:976
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:912
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1636
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:520
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:924
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1672
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1832
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:616
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:940
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2008
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1340
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1400
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1564
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1584
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1632
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1392
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:672
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:268
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1092
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:532
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:640
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1476
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1072
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:956
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:860
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1560
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1248
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:788
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:940

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5b4
1⤵
PID:1280

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1048-7-0x0000000004C20000-0x0000000004C31000-memory.dmp

Filesize
68KB

Download
memory/1048-4-0x0000000004A20000-0x0000000004A31000-memory.dmp

Filesize
68KB

Download
memory/1048-5-0x0000000004E30000-0x0000000004E41000-memory.dmp

Filesize
68KB

Download
memory/1048-3-0x0000000004E30000-0x0000000004E41000-memory.dmp

Filesize
68KB

Download
memory/1048-2-0x0000000004A20000-0x0000000004A31000-memory.dmp

Filesize
68KB

Download
memory/1048-9-0x0000000004C20000-0x0000000004C31000-memory.dmp

Filesize
68KB

Download
memory/1048-8-0x0000000005030000-0x0000000005041000-memory.dmp

Filesize
68KB

Download