536b5f8fb36ee7fbcef6c1293c8bf1b17d1645aa845a7ac2cccdbe9fd16c99d8

Analysis

max time kernel
36s
max time network
119s
platform
windows10_x64
resource
win10v20201028
submitted
30/12/2020, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16x.bin.exe
Size

4.4MB
MD5

3e05cdc35f300de783fcb3dcd71e4970
SHA1

abfc51fe7bc93d12d0d163b1f7fecae0a6a8e52e
SHA256

adc220109f73acdd307036a6d14bffa68103a48e2305c3a4f1533aab74d9deb8
SHA512

fff156d64fcd720d2d27b3e53dccb9fb817775b11b04eae44e41bb266112f3655ced03ef3e6037748155bdd02b6d749eda778e92eb66a9362546513c48ce4775

Score

9^/10

evasion spyware

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	16x.bin.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	16x.bin.exe

Identifies Wine through registry keys 2 TTPs 1 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Wine	16x.bin.exe

Loads dropped DLL 1 IoCs

pid	Process
3932	16x.bin.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

JavaScript code in executable 1 IoCs

resource	yara_rule
behavioral2/files/0x000800000000068f-6.dat	js

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3932	16x.bin.exe
3932	16x.bin.exe
3932	16x.bin.exe
3932	16x.bin.exe
3932	16x.bin.exe
3932	16x.bin.exe
3932	16x.bin.exe
3932	16x.bin.exe

Suspicious use of AdjustPrivilegeToken 292 IoCs

description	pid	Process
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe
Token: 33	3932	16x.bin.exe
Token: SeIncBasePriorityPrivilege	3932	16x.bin.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3932	16x.bin.exe
3932	16x.bin.exe

Suspicious use of WriteProcessMemory 831 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 1440	3932	16x.bin.exe	77
PID 3932 wrote to memory of 1440	3932	16x.bin.exe	77
PID 3932 wrote to memory of 1440	3932	16x.bin.exe	77
PID 3932 wrote to memory of 2424	3932	16x.bin.exe	78
PID 3932 wrote to memory of 2424	3932	16x.bin.exe	78
PID 3932 wrote to memory of 2424	3932	16x.bin.exe	78
PID 3932 wrote to memory of 3424	3932	16x.bin.exe	79
PID 3932 wrote to memory of 3424	3932	16x.bin.exe	79
PID 3932 wrote to memory of 3424	3932	16x.bin.exe	79
PID 3932 wrote to memory of 3180	3932	16x.bin.exe	80
PID 3932 wrote to memory of 3180	3932	16x.bin.exe	80
PID 3932 wrote to memory of 3180	3932	16x.bin.exe	80
PID 3932 wrote to memory of 1544	3932	16x.bin.exe	81
PID 3932 wrote to memory of 1544	3932	16x.bin.exe	81
PID 3932 wrote to memory of 1544	3932	16x.bin.exe	81
PID 3932 wrote to memory of 3736	3932	16x.bin.exe	82
PID 3932 wrote to memory of 3736	3932	16x.bin.exe	82
PID 3932 wrote to memory of 3736	3932	16x.bin.exe	82
PID 3932 wrote to memory of 3224	3932	16x.bin.exe	83
PID 3932 wrote to memory of 3224	3932	16x.bin.exe	83
PID 3932 wrote to memory of 3224	3932	16x.bin.exe	83
PID 3932 wrote to memory of 2152	3932	16x.bin.exe	84
PID 3932 wrote to memory of 2152	3932	16x.bin.exe	84
PID 3932 wrote to memory of 2152	3932	16x.bin.exe	84
PID 3932 wrote to memory of 3644	3932	16x.bin.exe	85
PID 3932 wrote to memory of 3644	3932	16x.bin.exe	85
PID 3932 wrote to memory of 3644	3932	16x.bin.exe	85
PID 3932 wrote to memory of 512	3932	16x.bin.exe	86
PID 3932 wrote to memory of 512	3932	16x.bin.exe	86
PID 3932 wrote to memory of 512	3932	16x.bin.exe	86
PID 3932 wrote to memory of 800	3932	16x.bin.exe	87
PID 3932 wrote to memory of 800	3932	16x.bin.exe	87
PID 3932 wrote to memory of 800	3932	16x.bin.exe	87
PID 3932 wrote to memory of 1192	3932	16x.bin.exe	88
PID 3932 wrote to memory of 1192	3932	16x.bin.exe	88
PID 3932 wrote to memory of 1192	3932	16x.bin.exe	88
PID 3932 wrote to memory of 3836	3932	16x.bin.exe	89
PID 3932 wrote to memory of 3836	3932	16x.bin.exe	89
PID 3932 wrote to memory of 3836	3932	16x.bin.exe	89
PID 3932 wrote to memory of 1028	3932	16x.bin.exe	90
PID 3932 wrote to memory of 1028	3932	16x.bin.exe	90
PID 3932 wrote to memory of 1028	3932	16x.bin.exe	90
PID 3932 wrote to memory of 2848	3932	16x.bin.exe	91
PID 3932 wrote to memory of 2848	3932	16x.bin.exe	91
PID 3932 wrote to memory of 2848	3932	16x.bin.exe	91
PID 3932 wrote to memory of 2460	3932	16x.bin.exe	92
PID 3932 wrote to memory of 2460	3932	16x.bin.exe	92
PID 3932 wrote to memory of 2460	3932	16x.bin.exe	92
PID 3932 wrote to memory of 2468	3932	16x.bin.exe	93
PID 3932 wrote to memory of 2468	3932	16x.bin.exe	93
PID 3932 wrote to memory of 2468	3932	16x.bin.exe	93
PID 3932 wrote to memory of 2404	3932	16x.bin.exe	94
PID 3932 wrote to memory of 2404	3932	16x.bin.exe	94
PID 3932 wrote to memory of 2404	3932	16x.bin.exe	94
PID 3932 wrote to memory of 3344	3932	16x.bin.exe	95
PID 3932 wrote to memory of 3344	3932	16x.bin.exe	95
PID 3932 wrote to memory of 3344	3932	16x.bin.exe	95
PID 3932 wrote to memory of 3876	3932	16x.bin.exe	96
PID 3932 wrote to memory of 3876	3932	16x.bin.exe	96
PID 3932 wrote to memory of 3876	3932	16x.bin.exe	96
PID 3932 wrote to memory of 4016	3932	16x.bin.exe	97
PID 3932 wrote to memory of 4016	3932	16x.bin.exe	97
PID 3932 wrote to memory of 4016	3932	16x.bin.exe	97
PID 3932 wrote to memory of 3808	3932	16x.bin.exe	98
PID 3932 wrote to memory of 3808	3932	16x.bin.exe	98
PID 3932 wrote to memory of 3808	3932	16x.bin.exe	98
PID 3932 wrote to memory of 2544	3932	16x.bin.exe	99
PID 3932 wrote to memory of 2544	3932	16x.bin.exe	99
PID 3932 wrote to memory of 2544	3932	16x.bin.exe	99
PID 3932 wrote to memory of 3764	3932	16x.bin.exe	100
PID 3932 wrote to memory of 3764	3932	16x.bin.exe	100
PID 3932 wrote to memory of 3764	3932	16x.bin.exe	100
PID 3932 wrote to memory of 4064	3932	16x.bin.exe	101
PID 3932 wrote to memory of 4064	3932	16x.bin.exe	101
PID 3932 wrote to memory of 4064	3932	16x.bin.exe	101
PID 3932 wrote to memory of 4056	3932	16x.bin.exe	102
PID 3932 wrote to memory of 4056	3932	16x.bin.exe	102
PID 3932 wrote to memory of 4056	3932	16x.bin.exe	102
PID 3932 wrote to memory of 1556	3932	16x.bin.exe	103
PID 3932 wrote to memory of 1556	3932	16x.bin.exe	103
PID 3932 wrote to memory of 1556	3932	16x.bin.exe	103
PID 3932 wrote to memory of 3924	3932	16x.bin.exe	104
PID 3932 wrote to memory of 3924	3932	16x.bin.exe	104
PID 3932 wrote to memory of 3924	3932	16x.bin.exe	104
PID 3932 wrote to memory of 3208	3932	16x.bin.exe	105
PID 3932 wrote to memory of 3208	3932	16x.bin.exe	105
PID 3932 wrote to memory of 3208	3932	16x.bin.exe	105
PID 3932 wrote to memory of 2116	3932	16x.bin.exe	106
PID 3932 wrote to memory of 2116	3932	16x.bin.exe	106
PID 3932 wrote to memory of 2116	3932	16x.bin.exe	106
PID 3932 wrote to memory of 1492	3932	16x.bin.exe	107
PID 3932 wrote to memory of 1492	3932	16x.bin.exe	107
PID 3932 wrote to memory of 1492	3932	16x.bin.exe	107
PID 3932 wrote to memory of 2820	3932	16x.bin.exe	108
PID 3932 wrote to memory of 2820	3932	16x.bin.exe	108
PID 3932 wrote to memory of 2820	3932	16x.bin.exe	108
PID 3932 wrote to memory of 3828	3932	16x.bin.exe	109
PID 3932 wrote to memory of 3828	3932	16x.bin.exe	109
PID 3932 wrote to memory of 3828	3932	16x.bin.exe	109
PID 3932 wrote to memory of 3824	3932	16x.bin.exe	110
PID 3932 wrote to memory of 3824	3932	16x.bin.exe	110
PID 3932 wrote to memory of 3824	3932	16x.bin.exe	110
PID 3932 wrote to memory of 2188	3932	16x.bin.exe	111
PID 3932 wrote to memory of 2188	3932	16x.bin.exe	111
PID 3932 wrote to memory of 2188	3932	16x.bin.exe	111
PID 3932 wrote to memory of 2436	3932	16x.bin.exe	112
PID 3932 wrote to memory of 2436	3932	16x.bin.exe	112
PID 3932 wrote to memory of 2436	3932	16x.bin.exe	112
PID 3932 wrote to memory of 2484	3932	16x.bin.exe	113
PID 3932 wrote to memory of 2484	3932	16x.bin.exe	113
PID 3932 wrote to memory of 2484	3932	16x.bin.exe	113
PID 3932 wrote to memory of 2240	3932	16x.bin.exe	114
PID 3932 wrote to memory of 2240	3932	16x.bin.exe	114
PID 3932 wrote to memory of 2240	3932	16x.bin.exe	114
PID 3932 wrote to memory of 3476	3932	16x.bin.exe	115
PID 3932 wrote to memory of 3476	3932	16x.bin.exe	115
PID 3932 wrote to memory of 3476	3932	16x.bin.exe	115
PID 3932 wrote to memory of 2720	3932	16x.bin.exe	116
PID 3932 wrote to memory of 2720	3932	16x.bin.exe	116
PID 3932 wrote to memory of 2720	3932	16x.bin.exe	116
PID 3932 wrote to memory of 2608	3932	16x.bin.exe	117
PID 3932 wrote to memory of 2608	3932	16x.bin.exe	117
PID 3932 wrote to memory of 2608	3932	16x.bin.exe	117
PID 3932 wrote to memory of 1112	3932	16x.bin.exe	120
PID 3932 wrote to memory of 1112	3932	16x.bin.exe	120
PID 3932 wrote to memory of 1112	3932	16x.bin.exe	120
PID 3932 wrote to memory of 3548	3932	16x.bin.exe	121
PID 3932 wrote to memory of 3548	3932	16x.bin.exe	121
PID 3932 wrote to memory of 3548	3932	16x.bin.exe	121
PID 3932 wrote to memory of 2964	3932	16x.bin.exe	122
PID 3932 wrote to memory of 2964	3932	16x.bin.exe	122
PID 3932 wrote to memory of 2964	3932	16x.bin.exe	122
PID 3932 wrote to memory of 3820	3932	16x.bin.exe	123
PID 3932 wrote to memory of 3820	3932	16x.bin.exe	123
PID 3932 wrote to memory of 3820	3932	16x.bin.exe	123
PID 3932 wrote to memory of 2856	3932	16x.bin.exe	124
PID 3932 wrote to memory of 2856	3932	16x.bin.exe	124
PID 3932 wrote to memory of 2856	3932	16x.bin.exe	124
PID 3932 wrote to memory of 2440	3932	16x.bin.exe	125
PID 3932 wrote to memory of 2440	3932	16x.bin.exe	125
PID 3932 wrote to memory of 2440	3932	16x.bin.exe	125
PID 3932 wrote to memory of 720	3932	16x.bin.exe	126
PID 3932 wrote to memory of 720	3932	16x.bin.exe	126
PID 3932 wrote to memory of 720	3932	16x.bin.exe	126
PID 3932 wrote to memory of 1840	3932	16x.bin.exe	127
PID 3932 wrote to memory of 1840	3932	16x.bin.exe	127
PID 3932 wrote to memory of 1840	3932	16x.bin.exe	127
PID 3932 wrote to memory of 3880	3932	16x.bin.exe	128
PID 3932 wrote to memory of 3880	3932	16x.bin.exe	128
PID 3932 wrote to memory of 3880	3932	16x.bin.exe	128
PID 3932 wrote to memory of 3688	3932	16x.bin.exe	130
PID 3932 wrote to memory of 3688	3932	16x.bin.exe	130
PID 3932 wrote to memory of 3688	3932	16x.bin.exe	130
PID 3932 wrote to memory of 2488	3932	16x.bin.exe	131
PID 3932 wrote to memory of 2488	3932	16x.bin.exe	131
PID 3932 wrote to memory of 2488	3932	16x.bin.exe	131
PID 3932 wrote to memory of 3956	3932	16x.bin.exe	132
PID 3932 wrote to memory of 3956	3932	16x.bin.exe	132
PID 3932 wrote to memory of 3956	3932	16x.bin.exe	132
PID 3932 wrote to memory of 2472	3932	16x.bin.exe	133
PID 3932 wrote to memory of 2472	3932	16x.bin.exe	133
PID 3932 wrote to memory of 2472	3932	16x.bin.exe	133
PID 3932 wrote to memory of 3968	3932	16x.bin.exe	134
PID 3932 wrote to memory of 3968	3932	16x.bin.exe	134
PID 3932 wrote to memory of 3968	3932	16x.bin.exe	134
PID 3932 wrote to memory of 204	3932	16x.bin.exe	135
PID 3932 wrote to memory of 204	3932	16x.bin.exe	135
PID 3932 wrote to memory of 204	3932	16x.bin.exe	135
PID 3932 wrote to memory of 1180	3932	16x.bin.exe	136
PID 3932 wrote to memory of 1180	3932	16x.bin.exe	136
PID 3932 wrote to memory of 1180	3932	16x.bin.exe	136
PID 3932 wrote to memory of 2408	3932	16x.bin.exe	137
PID 3932 wrote to memory of 2408	3932	16x.bin.exe	137
PID 3932 wrote to memory of 2408	3932	16x.bin.exe	137
PID 3932 wrote to memory of 2516	3932	16x.bin.exe	138
PID 3932 wrote to memory of 2516	3932	16x.bin.exe	138
PID 3932 wrote to memory of 2516	3932	16x.bin.exe	138
PID 3932 wrote to memory of 3556	3932	16x.bin.exe	139
PID 3932 wrote to memory of 3556	3932	16x.bin.exe	139
PID 3932 wrote to memory of 3556	3932	16x.bin.exe	139
PID 3932 wrote to memory of 4012	3932	16x.bin.exe	140
PID 3932 wrote to memory of 4012	3932	16x.bin.exe	140
PID 3932 wrote to memory of 4012	3932	16x.bin.exe	140
PID 3932 wrote to memory of 2480	3932	16x.bin.exe	141
PID 3932 wrote to memory of 2480	3932	16x.bin.exe	141
PID 3932 wrote to memory of 2480	3932	16x.bin.exe	141
PID 3932 wrote to memory of 3832	3932	16x.bin.exe	142
PID 3932 wrote to memory of 3832	3932	16x.bin.exe	142
PID 3932 wrote to memory of 3832	3932	16x.bin.exe	142
PID 3932 wrote to memory of 2412	3932	16x.bin.exe	143
PID 3932 wrote to memory of 2412	3932	16x.bin.exe	143
PID 3932 wrote to memory of 2412	3932	16x.bin.exe	143
PID 3932 wrote to memory of 2532	3932	16x.bin.exe	144
PID 3932 wrote to memory of 2532	3932	16x.bin.exe	144
PID 3932 wrote to memory of 2532	3932	16x.bin.exe	144
PID 3932 wrote to memory of 2900	3932	16x.bin.exe	145
PID 3932 wrote to memory of 2900	3932	16x.bin.exe	145
PID 3932 wrote to memory of 2900	3932	16x.bin.exe	145
PID 3932 wrote to memory of 1432	3932	16x.bin.exe	146
PID 3932 wrote to memory of 1432	3932	16x.bin.exe	146
PID 3932 wrote to memory of 1432	3932	16x.bin.exe	146
PID 3932 wrote to memory of 3948	3932	16x.bin.exe	147
PID 3932 wrote to memory of 3948	3932	16x.bin.exe	147
PID 3932 wrote to memory of 3948	3932	16x.bin.exe	147
PID 3932 wrote to memory of 3540	3932	16x.bin.exe	148
PID 3932 wrote to memory of 3540	3932	16x.bin.exe	148
PID 3932 wrote to memory of 3540	3932	16x.bin.exe	148
PID 3932 wrote to memory of 1044	3932	16x.bin.exe	149
PID 3932 wrote to memory of 1044	3932	16x.bin.exe	149
PID 3932 wrote to memory of 1044	3932	16x.bin.exe	149
PID 3932 wrote to memory of 3812	3932	16x.bin.exe	150
PID 3932 wrote to memory of 3812	3932	16x.bin.exe	150
PID 3932 wrote to memory of 3812	3932	16x.bin.exe	150
PID 3932 wrote to memory of 4020	3932	16x.bin.exe	151
PID 3932 wrote to memory of 4020	3932	16x.bin.exe	151
PID 3932 wrote to memory of 4020	3932	16x.bin.exe	151
PID 3932 wrote to memory of 1452	3932	16x.bin.exe	152
PID 3932 wrote to memory of 1452	3932	16x.bin.exe	152
PID 3932 wrote to memory of 1452	3932	16x.bin.exe	152
PID 3932 wrote to memory of 1552	3932	16x.bin.exe	153
PID 3932 wrote to memory of 1552	3932	16x.bin.exe	153
PID 3932 wrote to memory of 1552	3932	16x.bin.exe	153
PID 3932 wrote to memory of 2728	3932	16x.bin.exe	154
PID 3932 wrote to memory of 2728	3932	16x.bin.exe	154
PID 3932 wrote to memory of 2728	3932	16x.bin.exe	154
PID 3932 wrote to memory of 1116	3932	16x.bin.exe	155
PID 3932 wrote to memory of 1116	3932	16x.bin.exe	155
PID 3932 wrote to memory of 1116	3932	16x.bin.exe	155
PID 3932 wrote to memory of 2060	3932	16x.bin.exe	156
PID 3932 wrote to memory of 2060	3932	16x.bin.exe	156
PID 3932 wrote to memory of 2060	3932	16x.bin.exe	156
PID 3932 wrote to memory of 1144	3932	16x.bin.exe	157
PID 3932 wrote to memory of 1144	3932	16x.bin.exe	157
PID 3932 wrote to memory of 1144	3932	16x.bin.exe	157
PID 3932 wrote to memory of 188	3932	16x.bin.exe	158
PID 3932 wrote to memory of 188	3932	16x.bin.exe	158
PID 3932 wrote to memory of 188	3932	16x.bin.exe	158
PID 3932 wrote to memory of 612	3932	16x.bin.exe	159
PID 3932 wrote to memory of 612	3932	16x.bin.exe	159
PID 3932 wrote to memory of 612	3932	16x.bin.exe	159
PID 3932 wrote to memory of 3884	3932	16x.bin.exe	160
PID 3932 wrote to memory of 3884	3932	16x.bin.exe	160
PID 3932 wrote to memory of 3884	3932	16x.bin.exe	160
PID 3932 wrote to memory of 1444	3932	16x.bin.exe	161
PID 3932 wrote to memory of 1444	3932	16x.bin.exe	161
PID 3932 wrote to memory of 1444	3932	16x.bin.exe	161
PID 3932 wrote to memory of 3192	3932	16x.bin.exe	162
PID 3932 wrote to memory of 3192	3932	16x.bin.exe	162
PID 3932 wrote to memory of 3192	3932	16x.bin.exe	162
PID 3932 wrote to memory of 2068	3932	16x.bin.exe	163
PID 3932 wrote to memory of 2068	3932	16x.bin.exe	163
PID 3932 wrote to memory of 2068	3932	16x.bin.exe	163
PID 3932 wrote to memory of 1100	3932	16x.bin.exe	164
PID 3932 wrote to memory of 1100	3932	16x.bin.exe	164
PID 3932 wrote to memory of 1100	3932	16x.bin.exe	164
PID 3932 wrote to memory of 3532	3932	16x.bin.exe	165
PID 3932 wrote to memory of 3532	3932	16x.bin.exe	165
PID 3932 wrote to memory of 3532	3932	16x.bin.exe	165
PID 3932 wrote to memory of 3908	3932	16x.bin.exe	166
PID 3932 wrote to memory of 3908	3932	16x.bin.exe	166
PID 3932 wrote to memory of 3908	3932	16x.bin.exe	166
PID 3932 wrote to memory of 4104	3932	16x.bin.exe	167
PID 3932 wrote to memory of 4104	3932	16x.bin.exe	167
PID 3932 wrote to memory of 4104	3932	16x.bin.exe	167
PID 3932 wrote to memory of 4120	3932	16x.bin.exe	168
PID 3932 wrote to memory of 4120	3932	16x.bin.exe	168
PID 3932 wrote to memory of 4120	3932	16x.bin.exe	168
PID 3932 wrote to memory of 4136	3932	16x.bin.exe	169
PID 3932 wrote to memory of 4136	3932	16x.bin.exe	169
PID 3932 wrote to memory of 4136	3932	16x.bin.exe	169
PID 3932 wrote to memory of 4152	3932	16x.bin.exe	170
PID 3932 wrote to memory of 4152	3932	16x.bin.exe	170
PID 3932 wrote to memory of 4152	3932	16x.bin.exe	170
PID 3932 wrote to memory of 4168	3932	16x.bin.exe	171
PID 3932 wrote to memory of 4168	3932	16x.bin.exe	171
PID 3932 wrote to memory of 4168	3932	16x.bin.exe	171
PID 3932 wrote to memory of 4184	3932	16x.bin.exe	172
PID 3932 wrote to memory of 4184	3932	16x.bin.exe	172
PID 3932 wrote to memory of 4184	3932	16x.bin.exe	172
PID 3932 wrote to memory of 4200	3932	16x.bin.exe	173
PID 3932 wrote to memory of 4200	3932	16x.bin.exe	173
PID 3932 wrote to memory of 4200	3932	16x.bin.exe	173
PID 3932 wrote to memory of 4216	3932	16x.bin.exe	174
PID 3932 wrote to memory of 4216	3932	16x.bin.exe	174
PID 3932 wrote to memory of 4216	3932	16x.bin.exe	174
PID 3932 wrote to memory of 4232	3932	16x.bin.exe	175
PID 3932 wrote to memory of 4232	3932	16x.bin.exe	175
PID 3932 wrote to memory of 4232	3932	16x.bin.exe	175
PID 3932 wrote to memory of 4248	3932	16x.bin.exe	176
PID 3932 wrote to memory of 4248	3932	16x.bin.exe	176
PID 3932 wrote to memory of 4248	3932	16x.bin.exe	176
PID 3932 wrote to memory of 4264	3932	16x.bin.exe	177
PID 3932 wrote to memory of 4264	3932	16x.bin.exe	177
PID 3932 wrote to memory of 4264	3932	16x.bin.exe	177
PID 3932 wrote to memory of 4280	3932	16x.bin.exe	178
PID 3932 wrote to memory of 4280	3932	16x.bin.exe	178
PID 3932 wrote to memory of 4280	3932	16x.bin.exe	178
PID 3932 wrote to memory of 4296	3932	16x.bin.exe	179
PID 3932 wrote to memory of 4296	3932	16x.bin.exe	179
PID 3932 wrote to memory of 4296	3932	16x.bin.exe	179
PID 3932 wrote to memory of 4312	3932	16x.bin.exe	180
PID 3932 wrote to memory of 4312	3932	16x.bin.exe	180
PID 3932 wrote to memory of 4312	3932	16x.bin.exe	180
PID 3932 wrote to memory of 4328	3932	16x.bin.exe	181
PID 3932 wrote to memory of 4328	3932	16x.bin.exe	181
PID 3932 wrote to memory of 4328	3932	16x.bin.exe	181
PID 3932 wrote to memory of 4344	3932	16x.bin.exe	182
PID 3932 wrote to memory of 4344	3932	16x.bin.exe	182
PID 3932 wrote to memory of 4344	3932	16x.bin.exe	182
PID 3932 wrote to memory of 4360	3932	16x.bin.exe	183
PID 3932 wrote to memory of 4360	3932	16x.bin.exe	183
PID 3932 wrote to memory of 4360	3932	16x.bin.exe	183
PID 3932 wrote to memory of 4380	3932	16x.bin.exe	184
PID 3932 wrote to memory of 4380	3932	16x.bin.exe	184
PID 3932 wrote to memory of 4380	3932	16x.bin.exe	184
PID 3932 wrote to memory of 4396	3932	16x.bin.exe	185
PID 3932 wrote to memory of 4396	3932	16x.bin.exe	185
PID 3932 wrote to memory of 4396	3932	16x.bin.exe	185
PID 3932 wrote to memory of 4412	3932	16x.bin.exe	186
PID 3932 wrote to memory of 4412	3932	16x.bin.exe	186
PID 3932 wrote to memory of 4412	3932	16x.bin.exe	186
PID 3932 wrote to memory of 4428	3932	16x.bin.exe	187
PID 3932 wrote to memory of 4428	3932	16x.bin.exe	187
PID 3932 wrote to memory of 4428	3932	16x.bin.exe	187
PID 3932 wrote to memory of 4444	3932	16x.bin.exe	188
PID 3932 wrote to memory of 4444	3932	16x.bin.exe	188
PID 3932 wrote to memory of 4444	3932	16x.bin.exe	188
PID 3932 wrote to memory of 4460	3932	16x.bin.exe	189
PID 3932 wrote to memory of 4460	3932	16x.bin.exe	189
PID 3932 wrote to memory of 4460	3932	16x.bin.exe	189
PID 3932 wrote to memory of 4476	3932	16x.bin.exe	190
PID 3932 wrote to memory of 4476	3932	16x.bin.exe	190
PID 3932 wrote to memory of 4476	3932	16x.bin.exe	190
PID 3932 wrote to memory of 4492	3932	16x.bin.exe	191
PID 3932 wrote to memory of 4492	3932	16x.bin.exe	191
PID 3932 wrote to memory of 4492	3932	16x.bin.exe	191
PID 3932 wrote to memory of 4508	3932	16x.bin.exe	192
PID 3932 wrote to memory of 4508	3932	16x.bin.exe	192
PID 3932 wrote to memory of 4508	3932	16x.bin.exe	192
PID 3932 wrote to memory of 4524	3932	16x.bin.exe	193
PID 3932 wrote to memory of 4524	3932	16x.bin.exe	193
PID 3932 wrote to memory of 4524	3932	16x.bin.exe	193
PID 3932 wrote to memory of 4540	3932	16x.bin.exe	194
PID 3932 wrote to memory of 4540	3932	16x.bin.exe	194
PID 3932 wrote to memory of 4540	3932	16x.bin.exe	194
PID 3932 wrote to memory of 4556	3932	16x.bin.exe	195
PID 3932 wrote to memory of 4556	3932	16x.bin.exe	195
PID 3932 wrote to memory of 4556	3932	16x.bin.exe	195
PID 3932 wrote to memory of 4572	3932	16x.bin.exe	196
PID 3932 wrote to memory of 4572	3932	16x.bin.exe	196
PID 3932 wrote to memory of 4572	3932	16x.bin.exe	196
PID 3932 wrote to memory of 4588	3932	16x.bin.exe	197
PID 3932 wrote to memory of 4588	3932	16x.bin.exe	197
PID 3932 wrote to memory of 4588	3932	16x.bin.exe	197
PID 3932 wrote to memory of 4604	3932	16x.bin.exe	198
PID 3932 wrote to memory of 4604	3932	16x.bin.exe	198
PID 3932 wrote to memory of 4604	3932	16x.bin.exe	198
PID 3932 wrote to memory of 4620	3932	16x.bin.exe	199
PID 3932 wrote to memory of 4620	3932	16x.bin.exe	199
PID 3932 wrote to memory of 4620	3932	16x.bin.exe	199
PID 3932 wrote to memory of 4636	3932	16x.bin.exe	200
PID 3932 wrote to memory of 4636	3932	16x.bin.exe	200
PID 3932 wrote to memory of 4636	3932	16x.bin.exe	200
PID 3932 wrote to memory of 4652	3932	16x.bin.exe	201
PID 3932 wrote to memory of 4652	3932	16x.bin.exe	201
PID 3932 wrote to memory of 4652	3932	16x.bin.exe	201
PID 3932 wrote to memory of 4668	3932	16x.bin.exe	202
PID 3932 wrote to memory of 4668	3932	16x.bin.exe	202
PID 3932 wrote to memory of 4668	3932	16x.bin.exe	202
PID 3932 wrote to memory of 4684	3932	16x.bin.exe	203
PID 3932 wrote to memory of 4684	3932	16x.bin.exe	203
PID 3932 wrote to memory of 4684	3932	16x.bin.exe	203
PID 3932 wrote to memory of 4700	3932	16x.bin.exe	204
PID 3932 wrote to memory of 4700	3932	16x.bin.exe	204
PID 3932 wrote to memory of 4700	3932	16x.bin.exe	204
PID 3932 wrote to memory of 4716	3932	16x.bin.exe	205
PID 3932 wrote to memory of 4716	3932	16x.bin.exe	205
PID 3932 wrote to memory of 4716	3932	16x.bin.exe	205
PID 3932 wrote to memory of 4732	3932	16x.bin.exe	206
PID 3932 wrote to memory of 4732	3932	16x.bin.exe	206
PID 3932 wrote to memory of 4732	3932	16x.bin.exe	206
PID 3932 wrote to memory of 4748	3932	16x.bin.exe	207
PID 3932 wrote to memory of 4748	3932	16x.bin.exe	207
PID 3932 wrote to memory of 4748	3932	16x.bin.exe	207
PID 3932 wrote to memory of 4764	3932	16x.bin.exe	208
PID 3932 wrote to memory of 4764	3932	16x.bin.exe	208
PID 3932 wrote to memory of 4764	3932	16x.bin.exe	208
PID 3932 wrote to memory of 4780	3932	16x.bin.exe	209
PID 3932 wrote to memory of 4780	3932	16x.bin.exe	209
PID 3932 wrote to memory of 4780	3932	16x.bin.exe	209
PID 3932 wrote to memory of 4796	3932	16x.bin.exe	210
PID 3932 wrote to memory of 4796	3932	16x.bin.exe	210
PID 3932 wrote to memory of 4796	3932	16x.bin.exe	210
PID 3932 wrote to memory of 4812	3932	16x.bin.exe	211
PID 3932 wrote to memory of 4812	3932	16x.bin.exe	211
PID 3932 wrote to memory of 4812	3932	16x.bin.exe	211
PID 3932 wrote to memory of 4828	3932	16x.bin.exe	212
PID 3932 wrote to memory of 4828	3932	16x.bin.exe	212
PID 3932 wrote to memory of 4828	3932	16x.bin.exe	212
PID 3932 wrote to memory of 4844	3932	16x.bin.exe	213
PID 3932 wrote to memory of 4844	3932	16x.bin.exe	213
PID 3932 wrote to memory of 4844	3932	16x.bin.exe	213
PID 3932 wrote to memory of 4860	3932	16x.bin.exe	214
PID 3932 wrote to memory of 4860	3932	16x.bin.exe	214
PID 3932 wrote to memory of 4860	3932	16x.bin.exe	214
PID 3932 wrote to memory of 4876	3932	16x.bin.exe	215
PID 3932 wrote to memory of 4876	3932	16x.bin.exe	215
PID 3932 wrote to memory of 4876	3932	16x.bin.exe	215
PID 3932 wrote to memory of 4892	3932	16x.bin.exe	216
PID 3932 wrote to memory of 4892	3932	16x.bin.exe	216
PID 3932 wrote to memory of 4892	3932	16x.bin.exe	216
PID 3932 wrote to memory of 4908	3932	16x.bin.exe	217
PID 3932 wrote to memory of 4908	3932	16x.bin.exe	217
PID 3932 wrote to memory of 4908	3932	16x.bin.exe	217
PID 3932 wrote to memory of 4924	3932	16x.bin.exe	218
PID 3932 wrote to memory of 4924	3932	16x.bin.exe	218
PID 3932 wrote to memory of 4924	3932	16x.bin.exe	218
PID 3932 wrote to memory of 4940	3932	16x.bin.exe	219
PID 3932 wrote to memory of 4940	3932	16x.bin.exe	219
PID 3932 wrote to memory of 4940	3932	16x.bin.exe	219
PID 3932 wrote to memory of 4956	3932	16x.bin.exe	220
PID 3932 wrote to memory of 4956	3932	16x.bin.exe	220
PID 3932 wrote to memory of 4956	3932	16x.bin.exe	220
PID 3932 wrote to memory of 4972	3932	16x.bin.exe	221
PID 3932 wrote to memory of 4972	3932	16x.bin.exe	221
PID 3932 wrote to memory of 4972	3932	16x.bin.exe	221
PID 3932 wrote to memory of 4988	3932	16x.bin.exe	222
PID 3932 wrote to memory of 4988	3932	16x.bin.exe	222
PID 3932 wrote to memory of 4988	3932	16x.bin.exe	222
PID 3932 wrote to memory of 5004	3932	16x.bin.exe	223
PID 3932 wrote to memory of 5004	3932	16x.bin.exe	223
PID 3932 wrote to memory of 5004	3932	16x.bin.exe	223
PID 3932 wrote to memory of 5020	3932	16x.bin.exe	224
PID 3932 wrote to memory of 5020	3932	16x.bin.exe	224
PID 3932 wrote to memory of 5020	3932	16x.bin.exe	224
PID 3932 wrote to memory of 5036	3932	16x.bin.exe	225
PID 3932 wrote to memory of 5036	3932	16x.bin.exe	225
PID 3932 wrote to memory of 5036	3932	16x.bin.exe	225
PID 3932 wrote to memory of 5052	3932	16x.bin.exe	226
PID 3932 wrote to memory of 5052	3932	16x.bin.exe	226
PID 3932 wrote to memory of 5052	3932	16x.bin.exe	226
PID 3932 wrote to memory of 5068	3932	16x.bin.exe	227
PID 3932 wrote to memory of 5068	3932	16x.bin.exe	227
PID 3932 wrote to memory of 5068	3932	16x.bin.exe	227
PID 3932 wrote to memory of 5084	3932	16x.bin.exe	228
PID 3932 wrote to memory of 5084	3932	16x.bin.exe	228
PID 3932 wrote to memory of 5084	3932	16x.bin.exe	228
PID 3932 wrote to memory of 5100	3932	16x.bin.exe	229
PID 3932 wrote to memory of 5100	3932	16x.bin.exe	229
PID 3932 wrote to memory of 5100	3932	16x.bin.exe	229
PID 3932 wrote to memory of 5116	3932	16x.bin.exe	230
PID 3932 wrote to memory of 5116	3932	16x.bin.exe	230
PID 3932 wrote to memory of 5116	3932	16x.bin.exe	230
PID 3932 wrote to memory of 4112	3932	16x.bin.exe	231
PID 3932 wrote to memory of 4112	3932	16x.bin.exe	231
PID 3932 wrote to memory of 4112	3932	16x.bin.exe	231
PID 3932 wrote to memory of 4132	3932	16x.bin.exe	232
PID 3932 wrote to memory of 4132	3932	16x.bin.exe	232
PID 3932 wrote to memory of 4132	3932	16x.bin.exe	232
PID 3932 wrote to memory of 4140	3932	16x.bin.exe	233
PID 3932 wrote to memory of 4140	3932	16x.bin.exe	233
PID 3932 wrote to memory of 4140	3932	16x.bin.exe	233
PID 3932 wrote to memory of 4176	3932	16x.bin.exe	234
PID 3932 wrote to memory of 4176	3932	16x.bin.exe	234
PID 3932 wrote to memory of 4176	3932	16x.bin.exe	234
PID 3932 wrote to memory of 4196	3932	16x.bin.exe	235
PID 3932 wrote to memory of 4196	3932	16x.bin.exe	235
PID 3932 wrote to memory of 4196	3932	16x.bin.exe	235
PID 3932 wrote to memory of 4204	3932	16x.bin.exe	236
PID 3932 wrote to memory of 4204	3932	16x.bin.exe	236
PID 3932 wrote to memory of 4204	3932	16x.bin.exe	236
PID 3932 wrote to memory of 4240	3932	16x.bin.exe	237
PID 3932 wrote to memory of 4240	3932	16x.bin.exe	237
PID 3932 wrote to memory of 4240	3932	16x.bin.exe	237
PID 3932 wrote to memory of 3492	3932	16x.bin.exe	238
PID 3932 wrote to memory of 3492	3932	16x.bin.exe	238
PID 3932 wrote to memory of 3492	3932	16x.bin.exe	238
PID 3932 wrote to memory of 3188	3932	16x.bin.exe	239
PID 3932 wrote to memory of 3188	3932	16x.bin.exe	239
PID 3932 wrote to memory of 3188	3932	16x.bin.exe	239
PID 3932 wrote to memory of 1064	3932	16x.bin.exe	240
PID 3932 wrote to memory of 1064	3932	16x.bin.exe	240
PID 3932 wrote to memory of 1064	3932	16x.bin.exe	240
PID 3932 wrote to memory of 4272	3932	16x.bin.exe	241
PID 3932 wrote to memory of 4272	3932	16x.bin.exe	241
PID 3932 wrote to memory of 4272	3932	16x.bin.exe	241
PID 3932 wrote to memory of 4292	3932	16x.bin.exe	242
PID 3932 wrote to memory of 4292	3932	16x.bin.exe	242
PID 3932 wrote to memory of 4292	3932	16x.bin.exe	242
PID 3932 wrote to memory of 4300	3932	16x.bin.exe	243
PID 3932 wrote to memory of 4300	3932	16x.bin.exe	243
PID 3932 wrote to memory of 4300	3932	16x.bin.exe	243
PID 3932 wrote to memory of 4336	3932	16x.bin.exe	244
PID 3932 wrote to memory of 4336	3932	16x.bin.exe	244
PID 3932 wrote to memory of 4336	3932	16x.bin.exe	244
PID 3932 wrote to memory of 4356	3932	16x.bin.exe	245
PID 3932 wrote to memory of 4356	3932	16x.bin.exe	245
PID 3932 wrote to memory of 4356	3932	16x.bin.exe	245
PID 3932 wrote to memory of 4364	3932	16x.bin.exe	246
PID 3932 wrote to memory of 4364	3932	16x.bin.exe	246
PID 3932 wrote to memory of 4364	3932	16x.bin.exe	246
PID 3932 wrote to memory of 2092	3932	16x.bin.exe	247
PID 3932 wrote to memory of 2092	3932	16x.bin.exe	247
PID 3932 wrote to memory of 2092	3932	16x.bin.exe	247
PID 3932 wrote to memory of 4388	3932	16x.bin.exe	248
PID 3932 wrote to memory of 4388	3932	16x.bin.exe	248
PID 3932 wrote to memory of 4388	3932	16x.bin.exe	248
PID 3932 wrote to memory of 4408	3932	16x.bin.exe	249
PID 3932 wrote to memory of 4408	3932	16x.bin.exe	249
PID 3932 wrote to memory of 4408	3932	16x.bin.exe	249
PID 3932 wrote to memory of 4416	3932	16x.bin.exe	250
PID 3932 wrote to memory of 4416	3932	16x.bin.exe	250
PID 3932 wrote to memory of 4416	3932	16x.bin.exe	250
PID 3932 wrote to memory of 4456	3932	16x.bin.exe	251
PID 3932 wrote to memory of 4456	3932	16x.bin.exe	251
PID 3932 wrote to memory of 4456	3932	16x.bin.exe	251
PID 3932 wrote to memory of 4484	3932	16x.bin.exe	252
PID 3932 wrote to memory of 4484	3932	16x.bin.exe	252
PID 3932 wrote to memory of 4484	3932	16x.bin.exe	252
PID 3932 wrote to memory of 4516	3932	16x.bin.exe	253
PID 3932 wrote to memory of 4516	3932	16x.bin.exe	253
PID 3932 wrote to memory of 4516	3932	16x.bin.exe	253
PID 3932 wrote to memory of 4536	3932	16x.bin.exe	254
PID 3932 wrote to memory of 4536	3932	16x.bin.exe	254
PID 3932 wrote to memory of 4536	3932	16x.bin.exe	254
PID 3932 wrote to memory of 4544	3932	16x.bin.exe	255
PID 3932 wrote to memory of 4544	3932	16x.bin.exe	255
PID 3932 wrote to memory of 4544	3932	16x.bin.exe	255
PID 3932 wrote to memory of 4580	3932	16x.bin.exe	256
PID 3932 wrote to memory of 4580	3932	16x.bin.exe	256
PID 3932 wrote to memory of 4580	3932	16x.bin.exe	256
PID 3932 wrote to memory of 4600	3932	16x.bin.exe	257
PID 3932 wrote to memory of 4600	3932	16x.bin.exe	257
PID 3932 wrote to memory of 4600	3932	16x.bin.exe	257
PID 3932 wrote to memory of 4608	3932	16x.bin.exe	258
PID 3932 wrote to memory of 4608	3932	16x.bin.exe	258
PID 3932 wrote to memory of 4608	3932	16x.bin.exe	258
PID 3932 wrote to memory of 4644	3932	16x.bin.exe	259
PID 3932 wrote to memory of 4644	3932	16x.bin.exe	259
PID 3932 wrote to memory of 4644	3932	16x.bin.exe	259
PID 3932 wrote to memory of 4664	3932	16x.bin.exe	260
PID 3932 wrote to memory of 4664	3932	16x.bin.exe	260
PID 3932 wrote to memory of 4664	3932	16x.bin.exe	260
PID 3932 wrote to memory of 4672	3932	16x.bin.exe	261
PID 3932 wrote to memory of 4672	3932	16x.bin.exe	261
PID 3932 wrote to memory of 4672	3932	16x.bin.exe	261
PID 3932 wrote to memory of 4708	3932	16x.bin.exe	262
PID 3932 wrote to memory of 4708	3932	16x.bin.exe	262
PID 3932 wrote to memory of 4708	3932	16x.bin.exe	262
PID 3932 wrote to memory of 4728	3932	16x.bin.exe	263
PID 3932 wrote to memory of 4728	3932	16x.bin.exe	263
PID 3932 wrote to memory of 4728	3932	16x.bin.exe	263
PID 3932 wrote to memory of 4736	3932	16x.bin.exe	264
PID 3932 wrote to memory of 4736	3932	16x.bin.exe	264
PID 3932 wrote to memory of 4736	3932	16x.bin.exe	264
PID 3932 wrote to memory of 4772	3932	16x.bin.exe	265
PID 3932 wrote to memory of 4772	3932	16x.bin.exe	265
PID 3932 wrote to memory of 4772	3932	16x.bin.exe	265
PID 3932 wrote to memory of 4792	3932	16x.bin.exe	266
PID 3932 wrote to memory of 4792	3932	16x.bin.exe	266
PID 3932 wrote to memory of 4792	3932	16x.bin.exe	266
PID 3932 wrote to memory of 4800	3932	16x.bin.exe	267
PID 3932 wrote to memory of 4800	3932	16x.bin.exe	267
PID 3932 wrote to memory of 4800	3932	16x.bin.exe	267
PID 3932 wrote to memory of 4836	3932	16x.bin.exe	268
PID 3932 wrote to memory of 4836	3932	16x.bin.exe	268
PID 3932 wrote to memory of 4836	3932	16x.bin.exe	268
PID 3932 wrote to memory of 4856	3932	16x.bin.exe	269
PID 3932 wrote to memory of 4856	3932	16x.bin.exe	269
PID 3932 wrote to memory of 4856	3932	16x.bin.exe	269
PID 3932 wrote to memory of 4864	3932	16x.bin.exe	270
PID 3932 wrote to memory of 4864	3932	16x.bin.exe	270
PID 3932 wrote to memory of 4864	3932	16x.bin.exe	270
PID 3932 wrote to memory of 4900	3932	16x.bin.exe	271
PID 3932 wrote to memory of 4900	3932	16x.bin.exe	271
PID 3932 wrote to memory of 4900	3932	16x.bin.exe	271
PID 3932 wrote to memory of 4920	3932	16x.bin.exe	272
PID 3932 wrote to memory of 4920	3932	16x.bin.exe	272
PID 3932 wrote to memory of 4920	3932	16x.bin.exe	272
PID 3932 wrote to memory of 4928	3932	16x.bin.exe	273
PID 3932 wrote to memory of 4928	3932	16x.bin.exe	273
PID 3932 wrote to memory of 4928	3932	16x.bin.exe	273
PID 3932 wrote to memory of 4964	3932	16x.bin.exe	274
PID 3932 wrote to memory of 4964	3932	16x.bin.exe	274
PID 3932 wrote to memory of 4964	3932	16x.bin.exe	274
PID 3932 wrote to memory of 4984	3932	16x.bin.exe	275
PID 3932 wrote to memory of 4984	3932	16x.bin.exe	275
PID 3932 wrote to memory of 4984	3932	16x.bin.exe	275
PID 3932 wrote to memory of 4992	3932	16x.bin.exe	276
PID 3932 wrote to memory of 4992	3932	16x.bin.exe	276
PID 3932 wrote to memory of 4992	3932	16x.bin.exe	276
PID 3932 wrote to memory of 5028	3932	16x.bin.exe	277
PID 3932 wrote to memory of 5028	3932	16x.bin.exe	277
PID 3932 wrote to memory of 5028	3932	16x.bin.exe	277
PID 3932 wrote to memory of 5048	3932	16x.bin.exe	278
PID 3932 wrote to memory of 5048	3932	16x.bin.exe	278
PID 3932 wrote to memory of 5048	3932	16x.bin.exe	278
PID 3932 wrote to memory of 5056	3932	16x.bin.exe	279
PID 3932 wrote to memory of 5056	3932	16x.bin.exe	279
PID 3932 wrote to memory of 5056	3932	16x.bin.exe	279
PID 3932 wrote to memory of 5092	3932	16x.bin.exe	280
PID 3932 wrote to memory of 5092	3932	16x.bin.exe	280
PID 3932 wrote to memory of 5092	3932	16x.bin.exe	280
PID 3932 wrote to memory of 5112	3932	16x.bin.exe	281
PID 3932 wrote to memory of 5112	3932	16x.bin.exe	281
PID 3932 wrote to memory of 5112	3932	16x.bin.exe	281
PID 3932 wrote to memory of 2136	3932	16x.bin.exe	282
PID 3932 wrote to memory of 2136	3932	16x.bin.exe	282
PID 3932 wrote to memory of 2136	3932	16x.bin.exe	282
PID 3932 wrote to memory of 4144	3932	16x.bin.exe	283
PID 3932 wrote to memory of 4144	3932	16x.bin.exe	283
PID 3932 wrote to memory of 4144	3932	16x.bin.exe	283
PID 3932 wrote to memory of 4156	3932	16x.bin.exe	284
PID 3932 wrote to memory of 4156	3932	16x.bin.exe	284
PID 3932 wrote to memory of 4156	3932	16x.bin.exe	284
PID 3932 wrote to memory of 4192	3932	16x.bin.exe	285
PID 3932 wrote to memory of 4192	3932	16x.bin.exe	285
PID 3932 wrote to memory of 4192	3932	16x.bin.exe	285
PID 3932 wrote to memory of 4228	3932	16x.bin.exe	286
PID 3932 wrote to memory of 4228	3932	16x.bin.exe	286
PID 3932 wrote to memory of 4228	3932	16x.bin.exe	286
PID 3932 wrote to memory of 4256	3932	16x.bin.exe	287
PID 3932 wrote to memory of 4256	3932	16x.bin.exe	287
PID 3932 wrote to memory of 4256	3932	16x.bin.exe	287
PID 3932 wrote to memory of 1004	3932	16x.bin.exe	288
PID 3932 wrote to memory of 1004	3932	16x.bin.exe	288
PID 3932 wrote to memory of 1004	3932	16x.bin.exe	288
PID 3932 wrote to memory of 4260	3932	16x.bin.exe	289
PID 3932 wrote to memory of 4260	3932	16x.bin.exe	289
PID 3932 wrote to memory of 4260	3932	16x.bin.exe	289
PID 3932 wrote to memory of 4288	3932	16x.bin.exe	290
PID 3932 wrote to memory of 4288	3932	16x.bin.exe	290
PID 3932 wrote to memory of 4288	3932	16x.bin.exe	290
PID 3932 wrote to memory of 4308	3932	16x.bin.exe	291
PID 3932 wrote to memory of 4308	3932	16x.bin.exe	291
PID 3932 wrote to memory of 4308	3932	16x.bin.exe	291
PID 3932 wrote to memory of 4320	3932	16x.bin.exe	292
PID 3932 wrote to memory of 4320	3932	16x.bin.exe	292
PID 3932 wrote to memory of 4320	3932	16x.bin.exe	292
PID 3932 wrote to memory of 4368	3932	16x.bin.exe	293
PID 3932 wrote to memory of 4368	3932	16x.bin.exe	293
PID 3932 wrote to memory of 4368	3932	16x.bin.exe	293
PID 3932 wrote to memory of 2084	3932	16x.bin.exe	294
PID 3932 wrote to memory of 2084	3932	16x.bin.exe	294
PID 3932 wrote to memory of 2084	3932	16x.bin.exe	294
PID 3932 wrote to memory of 2572	3932	16x.bin.exe	295
PID 3932 wrote to memory of 2572	3932	16x.bin.exe	295
PID 3932 wrote to memory of 2572	3932	16x.bin.exe	295
PID 3932 wrote to memory of 4420	3932	16x.bin.exe	296
PID 3932 wrote to memory of 4420	3932	16x.bin.exe	296
PID 3932 wrote to memory of 4420	3932	16x.bin.exe	296
PID 3932 wrote to memory of 4436	3932	16x.bin.exe	297
PID 3932 wrote to memory of 4436	3932	16x.bin.exe	297
PID 3932 wrote to memory of 4436	3932	16x.bin.exe	297
PID 3932 wrote to memory of 4472	3932	16x.bin.exe	298
PID 3932 wrote to memory of 4472	3932	16x.bin.exe	298
PID 3932 wrote to memory of 4472	3932	16x.bin.exe	298
PID 3932 wrote to memory of 4488	3932	16x.bin.exe	299
PID 3932 wrote to memory of 4488	3932	16x.bin.exe	299
PID 3932 wrote to memory of 4488	3932	16x.bin.exe	299
PID 3932 wrote to memory of 492	3932	16x.bin.exe	300
PID 3932 wrote to memory of 492	3932	16x.bin.exe	300
PID 3932 wrote to memory of 492	3932	16x.bin.exe	300
PID 3932 wrote to memory of 488	3932	16x.bin.exe	301
PID 3932 wrote to memory of 488	3932	16x.bin.exe	301
PID 3932 wrote to memory of 488	3932	16x.bin.exe	301
PID 3932 wrote to memory of 4576	3932	16x.bin.exe	302
PID 3932 wrote to memory of 4576	3932	16x.bin.exe	302
PID 3932 wrote to memory of 4576	3932	16x.bin.exe	302
PID 3932 wrote to memory of 4616	3932	16x.bin.exe	303
PID 3932 wrote to memory of 4616	3932	16x.bin.exe	303
PID 3932 wrote to memory of 4616	3932	16x.bin.exe	303
PID 3932 wrote to memory of 4628	3932	16x.bin.exe	304
PID 3932 wrote to memory of 4628	3932	16x.bin.exe	304
PID 3932 wrote to memory of 4628	3932	16x.bin.exe	304
PID 3932 wrote to memory of 4676	3932	16x.bin.exe	305
PID 3932 wrote to memory of 4676	3932	16x.bin.exe	305
PID 3932 wrote to memory of 4676	3932	16x.bin.exe	305
PID 3932 wrote to memory of 4688	3932	16x.bin.exe	306
PID 3932 wrote to memory of 4688	3932	16x.bin.exe	306
PID 3932 wrote to memory of 4688	3932	16x.bin.exe	306
PID 3932 wrote to memory of 4712	3932	16x.bin.exe	307
PID 3932 wrote to memory of 4712	3932	16x.bin.exe	307
PID 3932 wrote to memory of 4712	3932	16x.bin.exe	307
PID 3932 wrote to memory of 4760	3932	16x.bin.exe	308
PID 3932 wrote to memory of 4760	3932	16x.bin.exe	308
PID 3932 wrote to memory of 4760	3932	16x.bin.exe	308
PID 3932 wrote to memory of 2104	3932	16x.bin.exe	309
PID 3932 wrote to memory of 2104	3932	16x.bin.exe	309
PID 3932 wrote to memory of 2104	3932	16x.bin.exe	309
PID 3932 wrote to memory of 1784	3932	16x.bin.exe	310
PID 3932 wrote to memory of 1784	3932	16x.bin.exe	310
PID 3932 wrote to memory of 1784	3932	16x.bin.exe	310
PID 3932 wrote to memory of 4044	3932	16x.bin.exe	311
PID 3932 wrote to memory of 4044	3932	16x.bin.exe	311
PID 3932 wrote to memory of 4044	3932	16x.bin.exe	311
PID 3932 wrote to memory of 2748	3932	16x.bin.exe	312
PID 3932 wrote to memory of 2748	3932	16x.bin.exe	312
PID 3932 wrote to memory of 2748	3932	16x.bin.exe	312
PID 3932 wrote to memory of 4824	3932	16x.bin.exe	313
PID 3932 wrote to memory of 4824	3932	16x.bin.exe	313
PID 3932 wrote to memory of 4824	3932	16x.bin.exe	313
PID 3932 wrote to memory of 4852	3932	16x.bin.exe	314
PID 3932 wrote to memory of 4852	3932	16x.bin.exe	314
PID 3932 wrote to memory of 4852	3932	16x.bin.exe	314
PID 3932 wrote to memory of 4848	3932	16x.bin.exe	315
PID 3932 wrote to memory of 4848	3932	16x.bin.exe	315
PID 3932 wrote to memory of 4848	3932	16x.bin.exe	315
PID 3932 wrote to memory of 4896	3932	16x.bin.exe	316
PID 3932 wrote to memory of 4896	3932	16x.bin.exe	316
PID 3932 wrote to memory of 4896	3932	16x.bin.exe	316
PID 3932 wrote to memory of 4936	3932	16x.bin.exe	317
PID 3932 wrote to memory of 4936	3932	16x.bin.exe	317
PID 3932 wrote to memory of 4936	3932	16x.bin.exe	317
PID 3932 wrote to memory of 4948	3932	16x.bin.exe	318
PID 3932 wrote to memory of 4948	3932	16x.bin.exe	318
PID 3932 wrote to memory of 4948	3932	16x.bin.exe	318
PID 3932 wrote to memory of 4996	3932	16x.bin.exe	319
PID 3932 wrote to memory of 4996	3932	16x.bin.exe	319
PID 3932 wrote to memory of 4996	3932	16x.bin.exe	319
PID 3932 wrote to memory of 5008	3932	16x.bin.exe	320
PID 3932 wrote to memory of 5008	3932	16x.bin.exe	320
PID 3932 wrote to memory of 5008	3932	16x.bin.exe	320
PID 3932 wrote to memory of 5032	3932	16x.bin.exe	321
PID 3932 wrote to memory of 5032	3932	16x.bin.exe	321
PID 3932 wrote to memory of 5032	3932	16x.bin.exe	321
PID 3932 wrote to memory of 5080	3932	16x.bin.exe	322
PID 3932 wrote to memory of 5080	3932	16x.bin.exe	322
PID 3932 wrote to memory of 5080	3932	16x.bin.exe	322
PID 3932 wrote to memory of 5108	3932	16x.bin.exe	323
PID 3932 wrote to memory of 5108	3932	16x.bin.exe	323
PID 3932 wrote to memory of 5108	3932	16x.bin.exe	323
PID 3932 wrote to memory of 5104	3932	16x.bin.exe	324
PID 3932 wrote to memory of 5104	3932	16x.bin.exe	324
PID 3932 wrote to memory of 5104	3932	16x.bin.exe	324
PID 3932 wrote to memory of 4124	3932	16x.bin.exe	325
PID 3932 wrote to memory of 4124	3932	16x.bin.exe	325
PID 3932 wrote to memory of 4124	3932	16x.bin.exe	325
PID 3932 wrote to memory of 4180	3932	16x.bin.exe	326
PID 3932 wrote to memory of 4180	3932	16x.bin.exe	326
PID 3932 wrote to memory of 4180	3932	16x.bin.exe	326
PID 3932 wrote to memory of 4208	3932	16x.bin.exe	327
PID 3932 wrote to memory of 4208	3932	16x.bin.exe	327
PID 3932 wrote to memory of 4208	3932	16x.bin.exe	327
PID 3932 wrote to memory of 1372	3932	16x.bin.exe	328
PID 3932 wrote to memory of 1372	3932	16x.bin.exe	328
PID 3932 wrote to memory of 1372	3932	16x.bin.exe	328
PID 3932 wrote to memory of 2056	3932	16x.bin.exe	329
PID 3932 wrote to memory of 2056	3932	16x.bin.exe	329
PID 3932 wrote to memory of 2056	3932	16x.bin.exe	329
PID 3932 wrote to memory of 4252	3932	16x.bin.exe	330
PID 3932 wrote to memory of 4252	3932	16x.bin.exe	330
PID 3932 wrote to memory of 4252	3932	16x.bin.exe	330
PID 3932 wrote to memory of 4324	3932	16x.bin.exe	331
PID 3932 wrote to memory of 4324	3932	16x.bin.exe	331
PID 3932 wrote to memory of 4324	3932	16x.bin.exe	331
PID 3932 wrote to memory of 4340	3932	16x.bin.exe	332
PID 3932 wrote to memory of 4340	3932	16x.bin.exe	332
PID 3932 wrote to memory of 4340	3932	16x.bin.exe	332
PID 3932 wrote to memory of 4372	3932	16x.bin.exe	333
PID 3932 wrote to memory of 4372	3932	16x.bin.exe	333
PID 3932 wrote to memory of 4372	3932	16x.bin.exe	333
PID 3932 wrote to memory of 4404	3932	16x.bin.exe	334
PID 3932 wrote to memory of 4404	3932	16x.bin.exe	334
PID 3932 wrote to memory of 4404	3932	16x.bin.exe	334
PID 3932 wrote to memory of 4440	3932	16x.bin.exe	335
PID 3932 wrote to memory of 4440	3932	16x.bin.exe	335
PID 3932 wrote to memory of 4440	3932	16x.bin.exe	335
PID 3932 wrote to memory of 4432	3932	16x.bin.exe	336
PID 3932 wrote to memory of 4432	3932	16x.bin.exe	336
PID 3932 wrote to memory of 4432	3932	16x.bin.exe	336
PID 3932 wrote to memory of 4532	3932	16x.bin.exe	337
PID 3932 wrote to memory of 4532	3932	16x.bin.exe	337
PID 3932 wrote to memory of 4532	3932	16x.bin.exe	337
PID 3932 wrote to memory of 4528	3932	16x.bin.exe	338
PID 3932 wrote to memory of 4528	3932	16x.bin.exe	338
PID 3932 wrote to memory of 4528	3932	16x.bin.exe	338
PID 3932 wrote to memory of 4568	3932	16x.bin.exe	339
PID 3932 wrote to memory of 4568	3932	16x.bin.exe	339
PID 3932 wrote to memory of 4568	3932	16x.bin.exe	339
PID 3932 wrote to memory of 4632	3932	16x.bin.exe	340
PID 3932 wrote to memory of 4632	3932	16x.bin.exe	340
PID 3932 wrote to memory of 4632	3932	16x.bin.exe	340
PID 3932 wrote to memory of 4648	3932	16x.bin.exe	341
PID 3932 wrote to memory of 4648	3932	16x.bin.exe	341
PID 3932 wrote to memory of 4648	3932	16x.bin.exe	341
PID 3932 wrote to memory of 4680	3932	16x.bin.exe	342
PID 3932 wrote to memory of 4680	3932	16x.bin.exe	342
PID 3932 wrote to memory of 4680	3932	16x.bin.exe	342
PID 3932 wrote to memory of 4744	3932	16x.bin.exe	343
PID 3932 wrote to memory of 4744	3932	16x.bin.exe	343
PID 3932 wrote to memory of 4744	3932	16x.bin.exe	343
PID 3932 wrote to memory of 4768	3932	16x.bin.exe	344
PID 3932 wrote to memory of 4768	3932	16x.bin.exe	344
PID 3932 wrote to memory of 4768	3932	16x.bin.exe	344
PID 3932 wrote to memory of 2112	3932	16x.bin.exe	345
PID 3932 wrote to memory of 2112	3932	16x.bin.exe	345
PID 3932 wrote to memory of 2112	3932	16x.bin.exe	345
PID 3932 wrote to memory of 4048	3932	16x.bin.exe	346
PID 3932 wrote to memory of 4048	3932	16x.bin.exe	346
PID 3932 wrote to memory of 4048	3932	16x.bin.exe	346
PID 3932 wrote to memory of 4784	3932	16x.bin.exe	347
PID 3932 wrote to memory of 4784	3932	16x.bin.exe	347
PID 3932 wrote to memory of 4784	3932	16x.bin.exe	347
PID 3932 wrote to memory of 4816	3932	16x.bin.exe	348
PID 3932 wrote to memory of 4816	3932	16x.bin.exe	348
PID 3932 wrote to memory of 4816	3932	16x.bin.exe	348
PID 3932 wrote to memory of 4880	3932	16x.bin.exe	349
PID 3932 wrote to memory of 4880	3932	16x.bin.exe	349
PID 3932 wrote to memory of 4880	3932	16x.bin.exe	349
PID 3932 wrote to memory of 4932	3932	16x.bin.exe	350
PID 3932 wrote to memory of 4932	3932	16x.bin.exe	350
PID 3932 wrote to memory of 4932	3932	16x.bin.exe	350
PID 3932 wrote to memory of 4912	3932	16x.bin.exe	351
PID 3932 wrote to memory of 4912	3932	16x.bin.exe	351
PID 3932 wrote to memory of 4912	3932	16x.bin.exe	351
PID 3932 wrote to memory of 4976	3932	16x.bin.exe	352
PID 3932 wrote to memory of 4976	3932	16x.bin.exe	352
PID 3932 wrote to memory of 4976	3932	16x.bin.exe	352
PID 3932 wrote to memory of 5044	3932	16x.bin.exe	353
PID 3932 wrote to memory of 5044	3932	16x.bin.exe	353
PID 3932 wrote to memory of 5044	3932	16x.bin.exe	353
PID 3932 wrote to memory of 5060	3932	16x.bin.exe	354
PID 3932 wrote to memory of 5060	3932	16x.bin.exe	354
PID 3932 wrote to memory of 5060	3932	16x.bin.exe	354
PID 3932 wrote to memory of 4100	3932	16x.bin.exe	355
PID 3932 wrote to memory of 4100	3932	16x.bin.exe	355
PID 3932 wrote to memory of 4100	3932	16x.bin.exe	355
PID 3932 wrote to memory of 4108	3932	16x.bin.exe	356
PID 3932 wrote to memory of 4108	3932	16x.bin.exe	356
PID 3932 wrote to memory of 4108	3932	16x.bin.exe	356

C:\Users\Admin\AppData\Local\Temp\16x.bin.exe
"C:\Users\Admin\AppData\Local\Temp\16x.bin.exe"
1⤵
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1440
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2424
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3424
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3180
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1544
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3736
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3224
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2152
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3644
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:512
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:800
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1192
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3836
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1028
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2848
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2460
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2468
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2404
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3344
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3876
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4016
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3808
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2544
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3764
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4064
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4056
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1556
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3924
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3208
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2116
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2820
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3828
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2436
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2484
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2240
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3476
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2720
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2608
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1112
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3548
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2964
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3820
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2856
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2440
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:720
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1840
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3880
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3688
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2488
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3956
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2472
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3968
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:204
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1180
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2408
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2516
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3556
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4012
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2480
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3832
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2412
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2532
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2900
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1432
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3948
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1044
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3812
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4020
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1452
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1552
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2728
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1116
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2060
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1144
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:612
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3884
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1444
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3192
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2068
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1100
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3532
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3908
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4104
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4120
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4136
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4152
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4168
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4184
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4200
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4216
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4232
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4248
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4264
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4280
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4296
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4312
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4328
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4344
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4360
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4380
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4396
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4412
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4428
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4444
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4460
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4476
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4508
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4524
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4556
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4572
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4588
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4604
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4620
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4636
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4652
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4668
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4684
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4700
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4716
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4732
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4764
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4780
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4796
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4812
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4828
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4844
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4860
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4876
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4892
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4908
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4924
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4940
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4956
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4972
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5004
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5020
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5036
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5052
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5068
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5084
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5100
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5116
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4112
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4132
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4140
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4176
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4204
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4240
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3188
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1064
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4272
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4292
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4300
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4336
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4356
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4364
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2092
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4388
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4408
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4416
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4456
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4484
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4516
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4536
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4544
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4580
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4600
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4608
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4644
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4664
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4672
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4708
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4728
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4736
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4772
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4792
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4800
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4836
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4856
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4864
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4900
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4920
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4928
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4964
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4984
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4992
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5028
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5048
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5056
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5092
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5112
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2136
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4144
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4156
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4192
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4228
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4256
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1004
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4260
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4288
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4308
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4320
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4368
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2084
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2572
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4420
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4436
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4472
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4488
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:488
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4576
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4616
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4628
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4676
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4688
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4712
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4760
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2104
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1784
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4044
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2748
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4824
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4852
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4848
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4896
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4936
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4948
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4996
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5008
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5032
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5080
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5108
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5104
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4124
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4180
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4208
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1372
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2056
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4252
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4324
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4340
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4372
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4404
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4440
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4432
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4532
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4528
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4568
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4632
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4648
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4680
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4744
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4768
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2112
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4048
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4784
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4816
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4880
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4932
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4912
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4976
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5044
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5060
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4100
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4108

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3932-2-0x0000000004B70000-0x0000000004B71000-memory.dmp

Filesize
4KB

Download
memory/3932-3-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/3932-5-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/3932-4-0x0000000004B70000-0x0000000004B71000-memory.dmp

Filesize
4KB

Download
memory/3932-8-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/3932-7-0x0000000004B70000-0x0000000004B71000-memory.dmp

Filesize
4KB

Download