Analysis Report Ue0N2amgcH

AV Detection:

Antivirus / Scanner detection for submitted sample

Source: Ue0N2amgcH.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Windows\SysWOW64\sdra64.exe

Avira: detection malicious, Label: TR/Dropper.Gen

Multi AV Scanner detection for submitted file

Source: Ue0N2amgcH.exe	Virustotal: Detection: 90%			Perma Link
Source: Ue0N2amgcH.exe	ReversingLabs: Detection: 100%

Machine Learning detection for dropped file

Source: C:\Windows\SysWOW64\sdra64.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: Ue0N2amgcH.exe

Joe Sandbox ML: detected

Antivirus or Machine Learning detection for unpacked file

Source: 0.1.Ue0N2amgcH.exe.400000.0.unpack	Avira: Label: TR/Crypt.XPACK.Gen3
Source: 0.0.Ue0N2amgcH.exe.400000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen

Cryptography:

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_0040DE73 CryptAcquireContextW,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,

0_2_0040DE73

Compliance:

Uses 32bit PE files

Source: Ue0N2amgcH.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Spreading:

Contains functionality to enumerate / list files inside a directory

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_0040A077 PathCombineW,FindFirstFileW,PathMatchSpecW,PathCombineW,FindNextFileW,FindClose,		0_2_0040A077
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_00411039 FindFirstFileW,FindClose,FindFirstFileW,FindClose,CreateMutexW,MoveFileExW,		0_2_00411039
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_0040F89A PathCombineW,FindFirstFileW,PathCombineW,PathCombineW,FindNextFileW,FindClose,		0_2_0040F89A
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_004040B8 PathCombineW,FindFirstFileW,PathCombineW,WaitForSingleObject,RtlEnterCriticalSection,PathMatchSpecW,PathCombineW,wnsprintfW,WaitForSingleObject,RtlLeaveCriticalSection,Sleep,FindNextFileW,FindClose,		0_2_004040B8
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_00406EBD ExpandEnvironmentStringsW,FindFirstFileW,PathRemoveFileSpecW,PathCombineW,FindNextFileW,FindClose,		0_2_00406EBD

Networking:

Contains functionality to download additional files from the internet

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_0040B44D RtlAllocateHeap,CreateEventW,InternetQueryOptionA,InternetSetStatusCallback,InternetSetOptionA,InternetReadFileExA,GetLastError,DispatchMessageW,PeekMessageW,MsgWaitForMultipleObjects,ResetEvent,InternetSetOptionA,InternetSetStatusCallback,CloseHandle,InternetQueryOptionA,InternetCrackUrlA,GetSystemTime,wnsprintfW,GetSystemTime,InternetQueryOptionA,GetUrlCacheEntryInfoW,RtlEnterCriticalSection,RtlLeaveCriticalSection,

0_2_0040B44D

Urls found in memory or binary data

Source: Ue0N2amgcH.exe, 00000000.00000002.464238365.00000000023F3000.00000004.00000040.sdmp

String found in binary or memory: https://onlineeast#.bankofamerica.com/cgi-bin/ias/

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality to read the clipboard data

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_0040554F GetClipboardData,GlobalFix,GlobalUnWire,

0_2_0040554F

Contains functionality to retrieve information about pressed keystrokes

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_004056B3 GetTickCount,GetCurrentProcessId,wnsprintfW,GetKeyState,GetKeyState,GetKeyboardState,ToUnicode,WideCharToMultiByte,

0_2_004056B3

System Summary:

Contains functionality to call native functions

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_00406C0D NtQueryInformationProcess,CreateToolhelp32Snapshot,Thread32First,Thread32Next,CloseHandle,NtCreateThread,		0_2_00406C0D
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_0040528A NtQueryDirectoryFile,NtQueryObject,lstrcmpiW,		0_2_0040528A
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_00409697 CreateFileW,NtQueryObject,lstrcpyW,CloseHandle,		0_2_00409697

Contains functionality to launch a process as a different user

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_00409CF9 GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,GetForegroundWindow,GetWindowThreadProcessId,OpenProcess,OpenProcessToken,CloseHandle,DuplicateTokenEx,LoadLibraryA,GetProcAddress,GetProcAddress,CreateProcessAsUserW,CloseHandle,CloseHandle,CreateProcessW,CloseHandle,CloseHandle,

0_2_00409CF9

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_0040A16B ExitWindowsEx,

0_2_0040A16B

Creates files inside the system directory

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

File created: C:\Windows\SysWOW64\sdra64.exe

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_00412014		0_2_00412014
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_0040DFED		0_2_0040DFED
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_0040DD80		0_2_0040DD80

Uses 32bit PE files

Source: Ue0N2amgcH.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)

Source: Ue0N2amgcH.exe	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: sdra64.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Classification label

Source: classification engine

Classification label: mal100.evad.winEXE@1/2@0/0

Contains functionality to access the windows certificate store

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_00403DAD CertOpenSystemStoreW,PFXExportCertStore,PFXExportCertStore,GetSystemTime,wnsprintfW,CertDuplicateCertificateContext,CertDeleteCRLFromStore,CertEnumCertificatesInStore,CertCloseStore,

0_2_00403DAD

Contains functionality to adjust token privileges (e.g. debug / backup)

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_0040F0FC OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,

0_2_0040F0FC

Contains functionality to enum processes or threads

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_00405808 CreateToolhelp32Snapshot,Process32FirstW,lstrcmpiW,Process32NextW,FindCloseChangeNotification,

0_2_00405808

Creates mutexes

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Mutant created: \Sessions\1\BaseNamedObjects\_AVIRA_21099

PE file has an executable .text section and no other executable section

Source: Ue0N2amgcH.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Reads software policies

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Sample is known by Antivirus

Source: Ue0N2amgcH.exe	Virustotal: Detection: 90%
Source: Ue0N2amgcH.exe	ReversingLabs: Detection: 100%

Sample reads its own file content

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

File read: C:\Users\user\Desktop\Ue0N2amgcH.exe

Jump to behavior

Data Obfuscation:

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Unpacked PE file: 0.2.Ue0N2amgcH.exe.400000.0.unpack .text:ER;.rdata:R;.data:W; vs .text:ER;.data:W;.reloc:R;.data1:W;

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_004093CD LoadLibraryA,GetProcAddress,

0_2_004093CD

Binary may include packed or encrypted code

Source: initial sample	Static PE information: section name: .text entropy: 7.30372755134
Source: initial sample	Static PE information: section name: .text entropy: 7.30372755134

Persistence and Installation Behavior:

Drops PE files

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

File created: C:\Windows\SysWOW64\sdra64.exe

Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

File created: C:\Windows\SysWOW64\sdra64.exe

Jump to dropped file

Boot Survival:

Creates an undocumented autostart registry key

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon userinit

Jump to behavior

Hooking and other Techniques for Hiding and Protection:

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_00407D61 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadCursorW,GetIconInfo,GetCursorPos,DrawIcon,lstrcmpiW,

0_2_00407D61

Malware Analysis System Evasion:

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Dropped PE file which has not been started: C:\Windows\SysWOW64\sdra64.exe

Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe TID: 4168

Thread sleep count: 193 > 30

Jump to behavior

Contains functionality to enumerate / list files inside a directory

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_0040A077 PathCombineW,FindFirstFileW,PathMatchSpecW,PathCombineW,FindNextFileW,FindClose,		0_2_0040A077
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_00411039 FindFirstFileW,FindClose,FindFirstFileW,FindClose,CreateMutexW,MoveFileExW,		0_2_00411039
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_0040F89A PathCombineW,FindFirstFileW,PathCombineW,PathCombineW,FindNextFileW,FindClose,		0_2_0040F89A
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_004040B8 PathCombineW,FindFirstFileW,PathCombineW,WaitForSingleObject,RtlEnterCriticalSection,PathMatchSpecW,PathCombineW,wnsprintfW,WaitForSingleObject,RtlLeaveCriticalSection,Sleep,FindNextFileW,FindClose,		0_2_004040B8
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_00406EBD ExpandEnvironmentStringsW,FindFirstFileW,PathRemoveFileSpecW,PathCombineW,FindNextFileW,FindClose,		0_2_00406EBD

Queries a list of all running processes

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging:

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_00405171 LdrGetProcedureAddress,

0_2_00405171

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_004093CD LoadLibraryA,GetProcAddress,

0_2_004093CD

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_00409475 HeapCreate,GetProcessHeap,RtlAllocateHeap,GetCurrentProcessId,IsBadHugeReadPtr,GetUserDefaultUILanguage,GetUserNameW,

0_2_00409475

Enables debug privileges

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Process token adjusted: Debug

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: 400000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: 400000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: 401000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: 412000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: 414000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: 416000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C940000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C940000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C941000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C952000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C954000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C956000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C960000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C960000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C961000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C972000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C974000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C976000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C980000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C980000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C981000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C992000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C994000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C996000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9A0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9A0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9A1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9B2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9B4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9B6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9C0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9C0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9C1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9D2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9D4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9D6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9E0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9E0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9E1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9F2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9F4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: C9F6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA00000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA00000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA01000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA12000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA14000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA16000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA20000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA20000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA21000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA32000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA34000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA36000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA40000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA40000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA41000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA52000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA54000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA56000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA60000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA60000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA61000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA72000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA74000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA76000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA80000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA80000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA81000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA92000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA94000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CA96000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAA0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAA0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAA1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAB2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAB4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAB6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAC0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAC0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAC1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAD2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAD4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAD6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAE0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAE0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAE1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAF2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAF4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CAF6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB00000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB00000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB01000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB12000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB14000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB16000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB20000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB20000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB21000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB32000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB34000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB36000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB40000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB40000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB41000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB52000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB54000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB56000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB60000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB60000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB61000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB72000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB74000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB76000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB80000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB80000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB81000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB92000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB94000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CB96000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBA0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBA0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBA1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBB2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBB4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBB6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBC0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBC0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBC1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBD2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBD4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBD6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBE0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBE0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBE1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBF2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBF4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CBF6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC00000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC00000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC01000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC12000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC14000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC16000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC20000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC20000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC21000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC32000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC34000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC36000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC40000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC40000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC41000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC52000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC54000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC56000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC60000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC60000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC61000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC72000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC74000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC76000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC80000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC80000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC81000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC92000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC94000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CC96000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCA0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCA0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCA1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCB2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCB4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCB6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCC0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCC0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCC1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCD2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCD4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCD6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCE0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCE0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCE1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCF2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCF4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CCF6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD00000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD00000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD01000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD12000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD14000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD16000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD20000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD20000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD21000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD32000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD34000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD36000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD40000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD40000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD41000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD52000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD54000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD56000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD60000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD60000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD61000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD72000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD74000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD76000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD80000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD80000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD81000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD92000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD94000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CD96000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDA0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDA0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDA1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDB2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDB4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDB6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDC0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDC0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDC1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDD2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDD4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDD6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDE0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDE0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDE1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDF2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDF4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CDF6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE00000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE00000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE01000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE12000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE14000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE16000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE20000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE20000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE21000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE32000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE34000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE36000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE40000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE40000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE41000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE52000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE54000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE56000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE60000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE60000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE61000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE72000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE74000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE76000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE80000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE80000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE81000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE92000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE94000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CE96000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEA0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEA0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEA1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEB2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEB4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEB6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEC0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEC0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEC1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CED2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CED4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CED6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEE0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEE0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEE1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEF2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEF4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CEF6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF00000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF00000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF01000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF12000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF14000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF16000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF20000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF20000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF21000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF32000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF34000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF36000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF40000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF40000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF41000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF52000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF54000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF56000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF60000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF60000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF61000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF72000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF74000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF76000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF80000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF80000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF81000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF92000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF94000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CF96000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFA0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFA0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFA1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFB2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFB4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFB6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFC0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFC0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFC1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFD2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFD4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFD6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFE0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFE0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFE1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFF2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFF4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: CFF6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D000000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D000000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D001000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D012000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D014000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D016000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D020000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D020000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D021000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D032000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D034000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D036000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D040000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D040000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D041000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D052000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D054000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D056000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D060000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D060000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D061000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D072000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D074000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D076000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D080000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D080000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D081000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D092000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D094000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D096000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0A0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0A0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0A1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0B2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0B4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0B6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0C0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0C0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0C1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0D2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0D4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0D6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0E0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0E0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0E1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0F2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0F4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D0F6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D100000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D100000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D101000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D112000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D114000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D116000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D120000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D120000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D121000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D132000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D134000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D136000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D140000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D140000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D141000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D152000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D154000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D156000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D160000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D160000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D161000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D172000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D174000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D176000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D180000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D180000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D181000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D192000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D194000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D196000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1A0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1A0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1A1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1B2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1B4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1B6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1C0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1C0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1C1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1D2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1D4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1D6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1E0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1E0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1E1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1F2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1F4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D1F6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D200000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D200000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D201000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D212000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D214000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D216000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D220000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D220000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D221000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D232000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D234000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D236000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D240000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D240000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D241000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D252000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D254000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D256000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D260000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D260000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D261000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D272000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D274000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D276000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D280000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D280000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D281000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D292000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D294000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D296000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2A0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2A0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2A1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2B2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2B4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2B6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2C0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2C0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2C1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2D2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2D4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2D6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2E0000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2E0000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2E1000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2F2000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2F4000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D2F6000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D300000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D300000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D301000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D312000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D314000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D316000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D320000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D320000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D321000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D332000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D334000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D336000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D340000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D340000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D341000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D352000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D354000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D356000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D360000 protect: page no access			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D360000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D361000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D372000 protect: page read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory allocated: C:\Windows\System32\winlogon.exe base: D374000 protect: page read and write			Jump to behavior

Changes memory attributes in foreign processes to executable or writable

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: 400000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: 401000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: 412000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: 414000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: 416000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C940000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C941000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C952000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C954000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C956000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C960000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C961000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C972000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C974000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C976000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C980000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C981000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C992000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C994000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C996000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9A0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9A1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9B2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9B4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9B6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9C0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9C1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9D2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9D4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9D6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9E0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9E1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9F2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9F4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: C9F6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA00000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA01000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA12000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA14000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA16000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA20000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA21000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA32000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA34000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA36000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA40000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA41000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA52000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA54000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA56000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA60000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA61000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA72000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA74000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA76000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA80000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA81000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA92000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA94000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CA96000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAA0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAA1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAB2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAB4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAB6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAC0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAC1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAD2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAD4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAD6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAE0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAE1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAF2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAF4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CAF6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB00000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB01000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB12000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB14000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB16000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB20000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB21000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB32000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB34000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB36000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB40000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB41000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB52000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB54000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB56000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB60000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB61000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB72000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB74000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB76000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB80000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB81000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB92000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB94000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CB96000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBA0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBA1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBB2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBB4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBB6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBC0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBC1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBD2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBD4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBD6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBE0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBE1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBF2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBF4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CBF6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC00000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC01000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC12000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC14000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC16000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC20000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC21000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC32000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC34000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC36000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC40000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC41000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC52000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC54000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC56000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC60000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC61000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC72000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC74000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC76000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC80000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC81000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC92000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC94000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CC96000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCA0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCA1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCB2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCB4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCB6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCC0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCC1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCD2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCD4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCD6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCE0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCE1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCF2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCF4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CCF6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD00000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD01000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD12000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD14000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD16000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD20000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD21000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD32000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD34000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD36000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD40000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD41000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD52000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD54000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD56000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD60000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD61000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD72000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD74000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD76000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD80000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD81000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD92000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD94000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CD96000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDA0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDA1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDB2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDB4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDB6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDC0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDC1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDD2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDD4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDD6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDE0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDE1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDF2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDF4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CDF6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE00000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE01000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE12000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE14000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE16000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE20000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE21000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE32000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE34000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE36000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE40000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE41000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE52000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE54000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE56000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE60000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE61000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE72000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE74000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE76000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE80000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE81000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE92000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE94000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CE96000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CEA0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CEA1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CEB2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CEB4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CEB6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CEC0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CEC1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CED2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CED4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CED6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CEE0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CEE1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CEF2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CEF4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CEF6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF00000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF01000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF12000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF14000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF16000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF20000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF21000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF32000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF34000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF36000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF40000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF41000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF52000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF54000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF56000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF60000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF61000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF72000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF74000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF76000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF80000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF81000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF92000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF94000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CF96000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFA0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFA1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFB2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFB4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFB6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFC0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFC1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFD2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFD4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFD6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFE0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFE1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFF2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFF4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: CFF6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D000000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D001000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D012000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D014000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D016000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D020000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D021000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D032000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D034000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D036000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D040000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D041000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D052000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D054000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D056000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D060000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D061000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D072000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D074000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D076000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D080000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D081000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D092000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D094000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D096000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0A0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0A1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0B2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0B4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0B6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0C0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0C1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0D2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0D4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0D6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0E0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0E1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0F2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0F4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D0F6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D100000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D101000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D112000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D114000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D116000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D120000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D121000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D132000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D134000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D136000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D140000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D141000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D152000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D154000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D156000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D160000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D161000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D172000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D174000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D176000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D180000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D181000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D192000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D194000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D196000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1A0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1A1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1B2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1B4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1B6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1C0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1C1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1D2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1D4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1D6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1E0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1E1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1F2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1F4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D1F6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D200000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D201000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D212000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D214000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D216000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D220000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D221000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D232000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D234000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D236000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D240000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D241000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D252000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D254000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D256000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D260000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D261000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D272000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D274000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D276000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D280000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D281000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D292000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D294000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D296000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2A0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2A1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2B2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2B4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2B6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2C0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2C1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2D2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2D4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2D6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2E0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2E1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2F2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2F4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D2F6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D300000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D301000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D312000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D314000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D316000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D320000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D321000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D332000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D334000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D336000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D340000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D341000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D352000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D354000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D356000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D360000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D361000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D372000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D374000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D376000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D380000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D381000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D392000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D394000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D396000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3A0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3A1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3B2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3B4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3B6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3C0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3C1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3D2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3D4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3D6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3E0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3E1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3F2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3F4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D3F6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D400000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D401000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D412000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D414000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D416000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D420000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D421000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D432000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D434000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D436000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D440000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D441000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D452000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D454000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D456000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D460000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D461000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D472000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D474000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D476000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D480000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D481000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D492000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D494000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D496000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4A0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4A1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4B2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4B4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4B6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4C0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4C1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4D2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4D4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4D6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4E0000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4E1000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4F2000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4F4000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D4F6000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D500000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D501000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D512000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D514000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D516000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D520000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D521000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D532000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D534000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D536000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D540000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D541000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D552000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D554000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D556000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D560000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D561000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D572000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D574000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D576000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D580000 protect: page readonly			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D581000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D592000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D594000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory protected: C:\Windows\System32\winlogon.exe base: D596000 protect: page execute and read and write			Jump to behavior

Contains functionality to change the desktop window for a process (likely to hide graphical interactions)

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_00409EE6 OpenWindowStationA,SetProcessWindowStation,OpenDesktopA,SetThreadDesktop,CloseDesktop,CloseWindowStation,

0_2_00409EE6

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: 400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C940000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C960000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C980000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9A0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9C0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9E0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA00000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA20000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA40000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA60000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA80000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAA0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAC0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAE0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB00000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB20000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB40000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB60000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB80000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBA0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBC0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBE0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC00000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC20000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC40000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC60000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC80000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCA0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCC0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCE0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD00000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD20000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD40000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD60000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD80000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDA0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDC0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDE0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE00000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE20000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE40000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE60000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE80000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEA0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEC0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEE0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF00000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF20000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF40000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF60000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF80000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFA0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFC0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFE0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D000000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D020000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D040000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D060000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D080000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0A0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0C0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0E0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D100000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D120000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D140000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D160000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D180000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1A0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1C0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1E0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D200000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D220000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D240000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D260000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D280000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2A0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2C0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2E0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D300000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D320000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D340000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D360000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D380000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3A0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3C0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3E0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D400000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D420000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D440000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D460000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D480000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4A0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4C0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4E0000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D500000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D520000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D540000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D560000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D580000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D5A0000 value starts with: 4D5A			Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: 400000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: 401000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: 412000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: 414000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: 416000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C940000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C941000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C952000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C954000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C956000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C960000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C961000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C972000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C974000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C976000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C980000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C981000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C992000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C994000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C996000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9A0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9A1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9B2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9B4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9B6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9C0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9C1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9D2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9D4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9D6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9E0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9E1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9F2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9F4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: C9F6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA00000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA01000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA12000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA14000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA16000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA20000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA21000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA32000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA34000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA36000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA40000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA41000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA52000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA54000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA56000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA60000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA61000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA72000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA74000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA76000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA80000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA81000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA92000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA94000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CA96000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAA0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAA1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAB2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAB4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAB6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAC0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAC1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAD2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAD4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAD6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAE0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAE1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAF2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAF4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CAF6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB00000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB01000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB12000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB14000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB16000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB20000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB21000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB32000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB34000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB36000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB40000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB41000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB52000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB54000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB56000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB60000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB61000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB72000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB74000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB76000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB80000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB81000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB92000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB94000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CB96000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBA0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBA1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBB2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBB4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBB6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBC0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBC1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBD2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBD4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBD6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBE0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBE1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBF2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBF4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CBF6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC00000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC01000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC12000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC14000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC16000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC20000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC21000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC32000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC34000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC36000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC40000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC41000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC52000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC54000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC56000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC60000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC61000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC72000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC74000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC76000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC80000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC81000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC92000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC94000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CC96000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCA0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCA1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCB2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCB4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCB6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCC0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCC1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCD2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCD4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCD6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCE0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCE1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCF2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCF4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CCF6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD00000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD01000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD12000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD14000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD16000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD20000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD21000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD32000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD34000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD36000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD40000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD41000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD52000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD54000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD56000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD60000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD61000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD72000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD74000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD76000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD80000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD81000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD92000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD94000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CD96000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDA0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDA1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDB2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDB4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDB6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDC0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDC1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDD2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDD4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDD6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDE0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDE1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDF2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDF4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CDF6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE00000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE01000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE12000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE14000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE16000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE20000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE21000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE32000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE34000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE36000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE40000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE41000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE52000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE54000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE56000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE60000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE61000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE72000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE74000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE76000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE80000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE81000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE92000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE94000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CE96000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEA0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEA1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEB2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEB4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEB6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEC0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEC1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CED2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CED4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CED6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEE0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEE1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEF2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEF4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CEF6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF00000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF01000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF12000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF14000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF16000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF20000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF21000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF32000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF34000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF36000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF40000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF41000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF52000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF54000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF56000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF60000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF61000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF72000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF74000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF76000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF80000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF81000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF92000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF94000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CF96000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFA0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFA1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFB2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFB4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFB6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFC0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFC1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFD2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFD4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFD6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFE0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFE1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFF2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFF4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: CFF6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D000000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D001000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D012000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D014000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D016000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D020000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D021000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D032000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D034000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D036000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D040000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D041000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D052000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D054000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D056000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D060000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D061000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D072000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D074000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D076000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D080000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D081000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D092000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D094000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D096000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0A0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0A1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0B2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0B4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0B6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0C0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0C1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0D2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0D4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0D6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0E0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0E1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0F2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0F4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D0F6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D100000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D101000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D112000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D114000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D116000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D120000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D121000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D132000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D134000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D136000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D140000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D141000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D152000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D154000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D156000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D160000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D161000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D172000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D174000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D176000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D180000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D181000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D192000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D194000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D196000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1A0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1A1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1B2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1B4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1B6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1C0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1C1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1D2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1D4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1D6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1E0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1E1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1F2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1F4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D1F6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D200000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D201000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D212000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D214000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D216000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D220000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D221000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D232000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D234000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D236000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D240000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D241000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D252000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D254000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D256000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D260000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D261000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D272000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D274000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D276000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D280000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D281000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D292000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D294000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D296000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2A0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2A1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2B2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2B4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2B6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2C0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2C1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2D2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2D4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2D6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2E0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2E1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2F2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2F4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D2F6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D300000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D301000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D312000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D314000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D316000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D320000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D321000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D332000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D334000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D336000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D340000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D341000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D352000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D354000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D356000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D360000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D361000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D372000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D374000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D376000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D380000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D381000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D392000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D394000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D396000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3A0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3A1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3B2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3B4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3B6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3C0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3C1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3D2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3D4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3D6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3E0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3E1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3F2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3F4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D3F6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D400000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D401000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D412000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D414000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D416000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D420000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D421000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D432000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D434000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D436000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D440000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D441000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D452000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D454000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D456000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D460000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D461000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D472000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D474000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D476000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D480000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D481000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D492000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D494000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D496000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4A0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4A1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4B2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4B4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4B6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4C0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4C1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4D2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4D4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4D6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4E0000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4E1000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4F2000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4F4000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D4F6000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D500000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D501000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D512000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D514000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D516000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D520000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D521000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D532000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D534000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D536000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D540000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D541000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D552000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D554000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D556000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D560000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D561000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D572000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D574000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D576000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D580000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D581000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D592000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D594000			Jump to behavior
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Memory written: C:\Windows\System32\winlogon.exe base: D596000			Jump to behavior

Contains functionality to add an ACL to a security descriptor

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_004105E8 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,

0_2_004105E8

May try to detect the Windows Explorer process (often used for injection)

Source: Ue0N2amgcH.exe, 00000000.00000002.463822693.0000000000D90000.00000002.00000001.sdmp, winlogon.exe, 00000002.00000000.198836928.000002388D3F0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: Ue0N2amgcH.exe, 00000000.00000002.463822693.0000000000D90000.00000002.00000001.sdmp, winlogon.exe, 00000002.00000000.198836928.000002388D3F0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: Ue0N2amgcH.exe, 00000000.00000002.463822693.0000000000D90000.00000002.00000001.sdmp, winlogon.exe, 00000002.00000000.198836928.000002388D3F0000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: Ue0N2amgcH.exe, 00000000.00000002.463822693.0000000000D90000.00000002.00000001.sdmp, winlogon.exe, 00000002.00000000.198836928.000002388D3F0000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Contains functionality to create pipes for IPC

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_00409115 RtlAllocateHeap,CreateNamedPipeW,CreateEventW,CreateEventW,CloseHandle,CloseHandle,CloseHandle,WaitForSingleObject,

0_2_00409115

Contains functionality to query local / system time

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_0040B44D RtlAllocateHeap,CreateEventW,InternetQueryOptionA,InternetSetStatusCallback,InternetSetOptionA,InternetReadFileExA,GetLastError,DispatchMessageW,PeekMessageW,MsgWaitForMultipleObjects,ResetEvent,InternetSetOptionA,InternetSetStatusCallback,CloseHandle,InternetQueryOptionA,InternetCrackUrlA,GetSystemTime,wnsprintfW,GetSystemTime,InternetQueryOptionA,GetUrlCacheEntryInfoW,RtlEnterCriticalSection,RtlLeaveCriticalSection,

0_2_0040B44D

Contains functionality to query the account / user name

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_00409475 HeapCreate,GetProcessHeap,RtlAllocateHeap,GetCurrentProcessId,IsBadHugeReadPtr,GetUserDefaultUILanguage,GetUserNameW,

0_2_00409475

Contains functionality to query time zone information

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_0040D054 GetTimeZoneInformation,

0_2_0040D054

Contains functionality to query windows version

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe

Code function: 0_2_004106B9 GetTickCount,GetVersionExW,GetUserDefaultUILanguage,GetModuleFileNameW,

0_2_004106B9

Remote Access Functionality:

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_0040E457 socket,bind,closesocket,		0_2_0040E457
Source: C:\Users\user\Desktop\Ue0N2amgcH.exe	Code function: 0_2_0040E2D4 socket,bind,listen,closesocket,		0_2_0040E2D4