c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

Analysis

max time kernel
153s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 16:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
Size

92KB
MD5

1b678c066899e0dc27533f6bc2887fe1
SHA1

b632ad898a03ecbc38793a8c1cf29492e5468ab5
SHA256

c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf
SHA512

ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028
SSDEEP

1536:otIsIk/puNdsTKJtajlsOJeyvWlHFCZb9O5DwzbTiYnF+ZSgOmeWk/e2aM7xwC3R:8IsV/oN2TKJtaj7vGlCC2XF+JOme5m2P

Score

10^/10

persistence upx

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 7 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\config\\Win.exe"	sviq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\config\\Win.exe"	dc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe C:\\Windows\\system32\\WinSit.exe"	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe C:\\Windows\\system32\\WinSit.exe"	Fun.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe C:\\Windows\\system32\\WinSit.exe"	sviq.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "Explorer.exe C:\\Windows\\system32\\WinSit.exe"	dc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\config\\Win.exe"	Fun.exe

Executes dropped EXE 64 IoCs

pid	Process
4360	Fun.exe
2352	sviq.exe
3512	dc.exe
1872	sviq.exe
1044	dc.exe
744	dc.exe
1992	sviq.exe
4536	dc.exe
1068	sviq.exe
3024	sviq.exe
4868	dc.exe
3720	sviq.exe
4568	dc.exe
2140	dc.exe
3540	sviq.exe
3224	sviq.exe
1560	dc.exe
2340	dc.exe
3948	sviq.exe
2348	dc.exe
2380	sviq.exe
1328	sviq.exe
1984	dc.exe
908	sviq.exe
3688	dc.exe
4600	dc.exe
1804	sviq.exe
2400	sviq.exe
4736	dc.exe
3168	sviq.exe
2408	dc.exe
3736	dc.exe
1020	sviq.exe
1168	dc.exe
3176	sviq.exe
5088	sviq.exe
4020	dc.exe
2596	sviq.exe
3252	dc.exe
4604	dc.exe
2148	sviq.exe
1792	sviq.exe
3428	dc.exe
3404	sviq.exe
1476	dc.exe
3148	dc.exe
1296	sviq.exe
3540	sviq.exe
5072	dc.exe
3260	sviq.exe
4816	dc.exe
4520	dc.exe
2348	sviq.exe
4516	sviq.exe
1328	dc.exe
2200	sviq.exe
3732	dc.exe
1008	dc.exe
2956	dc.exe
3436	sviq.exe
4260	sviq.exe
4668	sviq.exe
576	dc.exe
4612	dc.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3080-133-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0003000000022dd8-137.dat	upx
behavioral2/files/0x0003000000022dd8-138.dat	upx
behavioral2/files/0x0002000000022dde-142.dat	upx
behavioral2/files/0x0002000000022de1-145.dat	upx
behavioral2/files/0x0002000000022de0-144.dat	upx
behavioral2/files/0x0002000000022ddf-143.dat	upx
behavioral2/files/0x0002000000022ddf-147.dat	upx
behavioral2/files/0x0002000000022ddf-148.dat	upx
behavioral2/files/0x0002000000022dde-152.dat	upx
behavioral2/files/0x0002000000022de0-153.dat	upx
behavioral2/files/0x0002000000022de1-154.dat	upx
behavioral2/files/0x0002000000022dde-156.dat	upx
behavioral2/files/0x0002000000022dde-157.dat	upx
behavioral2/files/0x0002000000022de0-161.dat	upx
behavioral2/files/0x0002000000022de1-162.dat	upx
behavioral2/files/0x0002000000022ddf-164.dat	upx
behavioral2/memory/1872-168-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/3080-169-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/4360-170-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/2352-171-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/3512-172-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0002000000022dde-174.dat	upx
behavioral2/files/0x0002000000022ddf-182.dat	upx
behavioral2/files/0x0002000000022dde-180.dat	upx
behavioral2/memory/1044-181-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0002000000022dde-189.dat	upx
behavioral2/files/0x0002000000022ddf-192.dat	upx
behavioral2/memory/744-195-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/1992-198-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/4536-200-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/1068-201-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/4536-204-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0002000000022ddf-205.dat	upx
behavioral2/memory/1068-206-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/3024-210-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0002000000022dde-212.dat	upx
behavioral2/memory/4868-215-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0002000000022ddf-218.dat	upx
behavioral2/memory/4868-219-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0002000000022dde-224.dat	upx
behavioral2/files/0x0002000000022de1-225.dat	upx
behavioral2/memory/3720-228-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0002000000022dde-231.dat	upx
behavioral2/files/0x0002000000022ddf-235.dat	upx
behavioral2/memory/4568-234-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/3540-244-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0002000000022ddf-243.dat	upx
behavioral2/memory/2140-242-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/3224-247-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/3224-249-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0002000000022dde-251.dat	upx
behavioral2/files/0x0002000000022dde-255.dat	upx
behavioral2/memory/1560-263-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/2340-262-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0002000000022dde-265.dat	upx
behavioral2/files/0x0002000000022ddf-264.dat	upx
behavioral2/memory/1560-259-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/2340-272-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0002000000022ddf-273.dat	upx
behavioral2/memory/3948-280-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/files/0x0002000000022ddf-279.dat	upx
behavioral2/memory/1328-285-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral2/memory/2380-286-0x0000000000400000-0x0000000000427000-memory.dmp	upx

Drops file in System32 directory 20 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\dc.exe	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
File opened for modification	C:\Windows\SysWOW64\sviq.exe	Fun.exe
File opened for modification	C:\Windows\SysWOW64\WinSit.exe	Fun.exe
File opened for modification	C:\Windows\SysWOW64\config\Win.exe	sviq.exe
File opened for modification	C:\Windows\SysWOW64\WinSit.exe	dc.exe
File created	C:\Windows\SysWOW64\dc.exe	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
File created	C:\Windows\SysWOW64\WinSit.exe	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
File opened for modification	C:\Windows\SysWOW64\WinSit.exe	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
File opened for modification	C:\Windows\SysWOW64\config\Win.exe	dc.exe
File opened for modification	C:\Windows\SysWOW64\sviq.exe	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
File created	C:\Windows\SysWOW64\config\Win.exe	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
File opened for modification	C:\Windows\SysWOW64\config\Win.exe	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
File created	C:\Windows\SysWOW64\sviq.exe	sviq.exe
File opened for modification	C:\Windows\SysWOW64\WinSit.exe	sviq.exe
File created	C:\Windows\SysWOW64\dc.exe	dc.exe
File created	C:\Windows\SysWOW64\sviq.exe	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
File opened for modification	C:\Windows\SysWOW64\config\Win.exe	Fun.exe
File opened for modification	C:\Windows\SysWOW64\dc.exe	sviq.exe
File created	C:\Windows\SysWOW64\sviq.exe	dc.exe
File opened for modification	C:\Windows\SysWOW64\dc.exe	Fun.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\system\Fun.exe	sviq.exe
File created	C:\WINDOWS\repair.ini	Fun.exe
File created	C:\Windows\system\Fun.exe	dc.exe
File created	C:\Windows\system\Fun.exe	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
File opened for modification	C:\Windows\system\Fun.exe	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
File created	C:\Windows\system\Fun.exe	Fun.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
4360	Fun.exe
4360	Fun.exe
2352	sviq.exe
2352	sviq.exe
3512	dc.exe
3512	dc.exe
1872	sviq.exe
1872	sviq.exe
4360	Fun.exe
4360	Fun.exe
2352	sviq.exe
2352	sviq.exe
1044	dc.exe
1044	dc.exe
3512	dc.exe
3512	dc.exe
744	dc.exe
744	dc.exe
1992	sviq.exe
1992	sviq.exe
4536	dc.exe
4536	dc.exe
1068	sviq.exe
1068	sviq.exe
3024	sviq.exe
3024	sviq.exe
4360	Fun.exe
4360	Fun.exe
4868	dc.exe
4868	dc.exe
2352	sviq.exe
2352	sviq.exe
3720	sviq.exe
3720	sviq.exe
3512	dc.exe
3512	dc.exe
4568	dc.exe
4568	dc.exe
2140	dc.exe
2140	dc.exe
3540	sviq.exe
3540	sviq.exe
3224	sviq.exe
3224	sviq.exe
4360	Fun.exe
4360	Fun.exe
2352	sviq.exe
2352	sviq.exe
1560	dc.exe
1560	dc.exe
3512	dc.exe
3512	dc.exe
2340	dc.exe
2340	dc.exe
2348	dc.exe
2348	dc.exe
3948	sviq.exe
3948	sviq.exe
2380	sviq.exe
1328	sviq.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
4360	Fun.exe
4360	Fun.exe
2352	sviq.exe
2352	sviq.exe
3512	dc.exe
3512	dc.exe
1872	sviq.exe
1872	sviq.exe
1044	dc.exe
1044	dc.exe
744	dc.exe
1992	sviq.exe
744	dc.exe
1992	sviq.exe
4536	dc.exe
1068	sviq.exe
4536	dc.exe
1068	sviq.exe
3024	sviq.exe
3024	sviq.exe
4868	dc.exe
4868	dc.exe
3720	sviq.exe
3720	sviq.exe
4568	dc.exe
4568	dc.exe
2140	dc.exe
3540	sviq.exe
2140	dc.exe
3540	sviq.exe
3224	sviq.exe
3224	sviq.exe
1560	dc.exe
1560	dc.exe
2340	dc.exe
3948	sviq.exe
2340	dc.exe
2348	dc.exe
3948	sviq.exe
2348	dc.exe
2380	sviq.exe
1328	sviq.exe
1328	sviq.exe
2380	sviq.exe
1984	dc.exe
1984	dc.exe
908	sviq.exe
908	sviq.exe
4600	dc.exe
3688	dc.exe
4600	dc.exe
3688	dc.exe
1804	sviq.exe
2400	sviq.exe
1804	sviq.exe
4736	dc.exe
4736	dc.exe
2400	sviq.exe
3168	sviq.exe
3168	sviq.exe
2408	dc.exe
2408	dc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 4360	3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe	83
PID 3080 wrote to memory of 4360	3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe	83
PID 3080 wrote to memory of 4360	3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe	83
PID 4360 wrote to memory of 2352	4360	Fun.exe	84
PID 4360 wrote to memory of 2352	4360	Fun.exe	84
PID 4360 wrote to memory of 2352	4360	Fun.exe	84
PID 3080 wrote to memory of 3512	3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe	85
PID 3080 wrote to memory of 3512	3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe	85
PID 3080 wrote to memory of 3512	3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe	85
PID 3080 wrote to memory of 1872	3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe	86
PID 3080 wrote to memory of 1872	3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe	86
PID 3080 wrote to memory of 1872	3080	c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe	86
PID 4360 wrote to memory of 1044	4360	Fun.exe	89
PID 4360 wrote to memory of 1044	4360	Fun.exe	89
PID 4360 wrote to memory of 1044	4360	Fun.exe	89
PID 2352 wrote to memory of 744	2352	sviq.exe	90
PID 2352 wrote to memory of 744	2352	sviq.exe	90
PID 2352 wrote to memory of 744	2352	sviq.exe	90
PID 4360 wrote to memory of 1992	4360	Fun.exe	91
PID 4360 wrote to memory of 1992	4360	Fun.exe	91
PID 4360 wrote to memory of 1992	4360	Fun.exe	91
PID 3512 wrote to memory of 4536	3512	dc.exe	92
PID 3512 wrote to memory of 4536	3512	dc.exe	92
PID 3512 wrote to memory of 4536	3512	dc.exe	92
PID 2352 wrote to memory of 1068	2352	sviq.exe	93
PID 2352 wrote to memory of 1068	2352	sviq.exe	93
PID 2352 wrote to memory of 1068	2352	sviq.exe	93
PID 3512 wrote to memory of 3024	3512	dc.exe	94
PID 3512 wrote to memory of 3024	3512	dc.exe	94
PID 3512 wrote to memory of 3024	3512	dc.exe	94
PID 4360 wrote to memory of 4868	4360	Fun.exe	96
PID 4360 wrote to memory of 4868	4360	Fun.exe	96
PID 4360 wrote to memory of 4868	4360	Fun.exe	96
PID 4360 wrote to memory of 3720	4360	Fun.exe	97
PID 4360 wrote to memory of 3720	4360	Fun.exe	97
PID 4360 wrote to memory of 3720	4360	Fun.exe	97
PID 2352 wrote to memory of 4568	2352	sviq.exe	98
PID 2352 wrote to memory of 4568	2352	sviq.exe	98
PID 2352 wrote to memory of 4568	2352	sviq.exe	98
PID 3512 wrote to memory of 2140	3512	dc.exe	99
PID 3512 wrote to memory of 2140	3512	dc.exe	99
PID 3512 wrote to memory of 2140	3512	dc.exe	99
PID 2352 wrote to memory of 3540	2352	sviq.exe	100
PID 2352 wrote to memory of 3540	2352	sviq.exe	100
PID 2352 wrote to memory of 3540	2352	sviq.exe	100
PID 3512 wrote to memory of 3224	3512	dc.exe	101
PID 3512 wrote to memory of 3224	3512	dc.exe	101
PID 3512 wrote to memory of 3224	3512	dc.exe	101
PID 4360 wrote to memory of 1560	4360	Fun.exe	102
PID 4360 wrote to memory of 1560	4360	Fun.exe	102
PID 4360 wrote to memory of 1560	4360	Fun.exe	102
PID 2352 wrote to memory of 2340	2352	sviq.exe	103
PID 2352 wrote to memory of 2340	2352	sviq.exe	103
PID 2352 wrote to memory of 2340	2352	sviq.exe	103
PID 4360 wrote to memory of 3948	4360	Fun.exe	104
PID 4360 wrote to memory of 3948	4360	Fun.exe	104
PID 4360 wrote to memory of 3948	4360	Fun.exe	104
PID 3512 wrote to memory of 2348	3512	dc.exe	105
PID 3512 wrote to memory of 2348	3512	dc.exe	105
PID 3512 wrote to memory of 2348	3512	dc.exe	105
PID 2352 wrote to memory of 2380	2352	sviq.exe	106
PID 2352 wrote to memory of 2380	2352	sviq.exe	106
PID 2352 wrote to memory of 2380	2352	sviq.exe	106
PID 3512 wrote to memory of 1328	3512	dc.exe	107

C:\Users\Admin\AppData\Local\Temp\c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe
"C:\Users\Admin\AppData\Local\Temp\c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf.exe"
1⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Windows\system\Fun.exe
  C:\Windows\system\Fun.exe
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4360
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Modifies WinLogon for persistence
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2352
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:744
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:1068
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:4568
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:3540
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2340
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2380
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3688
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2400
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      Executes dropped EXE
      PID:3736
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      Executes dropped EXE
      PID:3176
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      Executes dropped EXE
      PID:3252
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      Executes dropped EXE
      PID:1792
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      Executes dropped EXE
      PID:3148
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      Executes dropped EXE
      PID:1296
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      Executes dropped EXE
      PID:4520
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      Executes dropped EXE
      PID:2348
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      Executes dropped EXE
      PID:1008
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      Executes dropped EXE
      PID:4260
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      Executes dropped EXE
      PID:576
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3980
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4376
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3080
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3820
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1044
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3720
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1376
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2468
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3020
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2984
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4816
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4432
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3432
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2956
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4736
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3856
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2156
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3620
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:236
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4896
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2676
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1376
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4780
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2084
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4872
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4180
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2816
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4300
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2120
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2680
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2908
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1588
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:336
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3976
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3724
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4380
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4604
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4536
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3148
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:400
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1372
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:232
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:396
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3676
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2508
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4300
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3344
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3288
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1420
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3508
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4916
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4656
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4344
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1100
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2396
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1448
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1476
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:400
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1616
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4012
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1688
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4960
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2804
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4300
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4400
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4768
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3904
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3856
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2792
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:228
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:856
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4540
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1228
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4536
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1264
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4608
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:5084
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2812
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3220
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2984
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4816
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3228
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3900
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4260
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2524
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3036
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4404
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1168
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4672
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2296
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1876
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3996
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4568
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1264
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3148
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3776
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3844
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4788
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3412
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2768
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2112
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1736
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4432
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2908
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:900
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1420
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3980
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2168
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1900
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2296
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3468
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3428
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3548
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1684
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4740
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1616
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4316
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4176
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:468
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4544
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1212
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1396
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1892
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4300
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4312
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4368
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4940
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2124
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1592
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4656
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4492
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4240
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4540
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:888
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3492
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1360
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4332
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2228
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2072
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4084
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4140
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3208
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4160
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1984
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3436
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1516
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1484
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4016
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4676
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3496
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3308
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4224
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:476
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2672
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1584
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4000
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2140
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:332
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:212
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2480
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4180
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4732
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2916
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:5032
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4512
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3188
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4928
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1092
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:828
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:2240
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:2156
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:1148
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:4572
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:3620
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1228
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4568
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:3404
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4352
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1684
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:4584
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:1080
  - - C:\Windows\SysWOW64\dc.exe
      C:\Windows\system32\dc.exe
      4⤵
      PID:884
  - - C:\Windows\SysWOW64\sviq.exe
      C:\Windows\system32\sviq.exe
      4⤵
      PID:768
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1044
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1992
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4868
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3720
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1560
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3948
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1984
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:908
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4736
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3168
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    PID:1168
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    PID:5088
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    PID:4604
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    PID:2148
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    PID:1476
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    PID:3540
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    PID:4816
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    PID:4516
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    PID:3732
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    PID:3436
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    PID:4612
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4808
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4264
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3792
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3548
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2148
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:5020
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1616
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4012
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3412
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1220
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1736
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2420
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3972
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:828
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4912
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:204
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3780
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4424
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4428
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1372
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4788
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4136
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1036
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2380
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3228
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1824
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4768
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1484
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4612
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:5088
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3792
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4224
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2160
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4148
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4876
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:220
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3440
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4012
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1820
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4516
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4512
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3100
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1176
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4064
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3824
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4560
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1608
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3468
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2148
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4424
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4332
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:5084
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3020
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3440
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2340
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2816
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2304
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2508
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3424
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2524
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4500
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3980
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3744
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4756
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1876
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1164
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3028
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3456
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4884
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3488
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1372
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3016
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2532
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4792
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1328
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2528
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4432
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3344
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3120
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4940
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:336
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4676
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4364
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4572
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3740
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:720
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:852
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:5096
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2764
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4000
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4984
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1452
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4084
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4140
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2916
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3476
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3876
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:700
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3188
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4368
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4728
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2124
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4376
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4656
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:560
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3740
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4424
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4932
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2140
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:5076
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1304
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1072
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4180
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2768
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2304
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:700
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1220
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3556
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3388
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3036
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4404
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:648
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3560
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4344
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4912
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3304
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4564
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3004
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1684
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:5112
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2184
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3948
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2340
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4544
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4816
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1396
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3228
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3044
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4312
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2868
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:788
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4916
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3168
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4588
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4344
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4632
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2088
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4868
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4884
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:388
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:5084
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3020
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2072
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2200
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1980
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3208
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4160
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1984
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3436
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3736
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3484
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4016
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4648
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2572
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4812
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3496
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3784
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2416
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:560
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3368
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4424
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3148
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4852
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3628
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4872
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4012
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4004
- C:\Windows\SysWOW64\dc.exe
  C:\Windows\system32\dc.exe
  2⤵
  - Modifies WinLogon for persistence
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3512
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4536
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3024
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2140
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3224
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2348
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:1328
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4600
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1804
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2408
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    PID:1020
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    PID:4020
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    PID:2596
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    PID:3428
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    PID:3404
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    PID:5072
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    PID:3260
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    PID:1328
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    PID:2200
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    - Executes dropped EXE
    PID:2956
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    - Executes dropped EXE
    PID:4668
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2156
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4728
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:204
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3740
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:476
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4868
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2140
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4876
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:232
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1152
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2304
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2436
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3044
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:564
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1176
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4404
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2572
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1520
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1344
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3820
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4720
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4568
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4332
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1616
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:860
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1836
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3152
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4048
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3520
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1840
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1804
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1904
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:5052
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4980
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3244
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3620
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2460
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3024
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4172
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3540
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4664
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3020
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4084
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3212
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2304
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:700
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2120
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2280
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4168
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1284
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4284
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3168
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1880
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4072
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3428
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1436
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1684
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4244
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:332
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:212
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2480
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3400
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3208
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1220
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2120
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:900
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4736
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1356
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2156
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4292
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4620
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:560
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:476
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:5096
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2764
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1300
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4308
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4788
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1424
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1276
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4384
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3532
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1824
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4400
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2868
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1588
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4284
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4648
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3244
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:236
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4540
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3404
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4536
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3136
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1256
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2772
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4308
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:468
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2344
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1424
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1984
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1932
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3344
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4996
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4940
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4784
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1592
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4812
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4492
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4344
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:720
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2596
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3492
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1448
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1360
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4332
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4872
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2072
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4084
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4140
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3208
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4160
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3672
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3044
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1364
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:5048
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3980
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4728
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4196
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4572
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2296
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1164
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2148
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3728
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3540
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3768
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3844
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1304
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:824
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:232
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1212
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3476
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:564
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:5068
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3120
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:828
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3856
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2652
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1900
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:236
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3608
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2244
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3456
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1448
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1556
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3908
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:400
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2812
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3544
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3400
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:2528
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4356
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1604
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3988
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3388
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:508
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:788
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:1384
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4936
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4052
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3888
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:4492
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4232
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2460
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4220
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3924
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:4552
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:3376
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:1360
- - C:\Windows\SysWOW64\dc.exe
    C:\Windows\system32\dc.exe
    3⤵
    PID:2136
- - C:\Windows\SysWOW64\sviq.exe
    C:\Windows\system32\sviq.exe
    3⤵
    PID:3220
- C:\Windows\SysWOW64\sviq.exe
  C:\Windows\system32\sviq.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1872

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\WinSit.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\WinSit.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\WinSit.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\config\Win.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\config\Win.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\config\Win.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\config\Win.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\dc.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\SysWOW64\sviq.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\System\Fun.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
C:\Windows\system\Fun.exe

Filesize
92KB

MD5
1b678c066899e0dc27533f6bc2887fe1

SHA1
b632ad898a03ecbc38793a8c1cf29492e5468ab5

SHA256
c6ab9fe941290c0ed818d0118e22f66aa647f4fc073682d4ee03998cd95dfbcf

SHA512
ed41de5bb5284c6d6d987a9e8a6702f32134b6bb965873de07405af2dbe71738d8cca00498ec1c773937ea7432edd06e38767715370f7f049e330c16b146d028

Download Submit
memory/744-195-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/908-298-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1020-361-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1044-181-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1068-206-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1068-201-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1168-363-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1296-442-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1296-446-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1328-285-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1476-433-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1560-263-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1560-259-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1792-409-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1872-168-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1984-294-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1992-198-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2140-242-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2148-408-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2340-262-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2340-272-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2352-171-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2352-387-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2380-286-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2400-328-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2408-342-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2596-393-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2596-398-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3024-210-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3080-169-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3080-133-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3148-435-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3168-334-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3176-368-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3224-247-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3224-249-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3252-394-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3252-399-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3260-459-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3428-418-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3428-414-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3512-389-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3512-172-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3540-244-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3540-443-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3540-448-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3688-309-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3688-314-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3720-228-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3948-280-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4020-375-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4360-384-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4360-170-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4520-472-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4536-200-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4536-204-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4568-234-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4600-311-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4604-396-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4736-329-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4816-471-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4868-215-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4868-219-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5072-454-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download