Windows Analysis Report
CjFaGVmupj.exe

Overview

General Information

Sample name: CjFaGVmupj.exe
renamed because original name is a hash value
Original sample name: 48630e76e438952a2030f1db408993e088839a801243b5d42e559afda4189f33.exe
Analysis ID: 1526556
MD5: 889e6365d82a9a89b6c8c86d672b8f0c
SHA1: 59e293623e4fb828a29fb982d5ac9a4f993abc3b
SHA256: 48630e76e438952a2030f1db408993e088839a801243b5d42e559afda4189f33
Tags: DoubleFaceTeamexeransomwareuser-JAMESWT_MHT
Infos:

Detection

Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Disable Windows Defender real time protection (registry)
Drops PE files to the startup folder
Excessive usage of taskkill to terminate processes
Installs a global keyboard hook
Modifies existing user documents (likely ransomware behavior)
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious desktop.ini Action
Stores files to the Windows start menu directory
Too many similar processes found
Uses taskkill to terminate processes

Classification

AV Detection
barindex
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe Virustotal: Detection: 15% Perma Link
Multi AV Scanner detection for submitted file
Source: CjFaGVmupj.exe Virustotal: Detection: 15% Perma Link
Source: CjFaGVmupj.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Checks for available system drives (often done to infect USB drives)
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: z: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: x: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: v: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: t: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: r: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: p: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: n: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: l: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: j: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: h: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: f: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: b: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: y: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: w: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: u: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: s: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: q: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: o: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: m: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: k: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: i: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: g: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: e: Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File opened: a: Jump to behavior
Source: CjFaGVmupj.exe, CjFaGVmupj.exe.invisible.0.dr, CjFaGVmupj.exe.0.dr String found in binary or memory: https://t.me/

Key, Mouse, Clipboard, Microphone and Screen Capturing
barindex
Installs a global keyboard hook
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\CjFaGVmupj.exe Jump to behavior

Spam, unwanted Advertisements and Ransom Demands
barindex
Modifies existing user documents (likely ransomware behavior)
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File deleted: C:\Users\user\Desktop\NWTVCDUMOB.pdf Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File deleted: C:\Users\user\Desktop\DTBZGIOOSO\ONBQCLYSPU.pdf Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File deleted: C:\Users\user\Desktop\FENIVHOIKN.mp3 Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File deleted: C:\Users\user\Desktop\UOOJJOZIRH.mp3 Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File deleted: C:\Users\user\Desktop\KATAXZVCPS.mp3 Jump to behavior
Too many similar processes found
Source: cmd.exe Process created: 543
Source: NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf.invisible.0.dr Binary string: \Device\HarddiskVolume3\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf
Source: classification engine Classification label: mal76.rans.adwa.spyw.evad.winEXE@997/171@0/0
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6220:120:WilError_03
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File created: C:\Users\user\AppData\Local\Temp\tmp.bmp Jump to behavior
Source: CjFaGVmupj.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: CjFaGVmupj.exe Virustotal: Detection: 15%
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File read: C:\Users\user\Desktop\CjFaGVmupj.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\CjFaGVmupj.exe "C:\Users\user\Desktop\CjFaGVmupj.exe"
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File written: C:\Users\user\AppData\Roaming\desktop.ini Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: CjFaGVmupj.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: CjFaGVmupj.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: CjFaGVmupj.exe Static file information: File size 9433088 > 1048576
Source: CjFaGVmupj.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x134c00
Source: CjFaGVmupj.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x76e000
Source: CjFaGVmupj.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
PE file contains sections with non-standard names
Source: CjFaGVmupj.exe Static PE information: section name: .msvcjmc
Source: CjFaGVmupj.exe Static PE information: section name: .00cfg
Source: CjFaGVmupj.exe.0.dr Static PE information: section name: .msvcjmc
Source: CjFaGVmupj.exe.0.dr Static PE information: section name: .00cfg
Drops PE files
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe Jump to dropped file

Boot Survival
barindex
Drops PE files to the startup folder
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe Jump to dropped file
Creates a start menu entry (Start Menu\Programs\Startup)
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe Jump to behavior
Stores files to the Windows start menu directory
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe\:Zone.Identifier:$DATA Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exe Process information set: NOOPENFILEERRORBOX
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Windows\System32\conhost.exe Window / User API: threadDelayed 579 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\CjFaGVmupj.exe TID: 2536 Thread sleep time: -193000s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Enables debug privileges
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\System32\taskkill.exe Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion
barindex
Excessive usage of taskkill to terminate processes
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Uses taskkill to terminate processes
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t

Lowering of HIPS / PFW / Operating System Security Settings
barindex
Disable Windows Defender real time protection (registry)
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1 Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1526556 Sample: CjFaGVmupj.exe Startdate: 06/10/2024 Architecture: WINDOWS Score: 76 40 Multi AV Scanner detection for dropped file 2->40 42 Multi AV Scanner detection for submitted file 2->42 7 CjFaGVmupj.exe 2 264 2->7         started        process3 file4 34 C:\Users\user\AppData\...\CjFaGVmupj.exe, PE32+ 7->34 dropped 36 C:\Users\user\...\CjFaGVmupj.exe.invisible, data 7->36 dropped 38 C:\Users\...\CjFaGVmupj.exe:Zone.Identifier, ASCII 7->38 dropped 44 Drops PE files to the startup folder 7->44 46 Excessive usage of taskkill to terminate processes 7->46 48 Disable Windows Defender real time protection (registry) 7->48 50 2 other signatures 7->50 11 cmd.exe 1 7->11         started        14 cmd.exe 7->14         started        16 cmd.exe 7->16         started        18 294 other processes 7->18 signatures5 process6 signatures7 52 Excessive usage of taskkill to terminate processes 11->52 20 taskkill.exe 1 11->20         started        22 taskkill.exe 1 14->22         started        24 taskkill.exe 1 16->24         started        26 taskkill.exe 1 18->26         started        28 taskkill.exe 1 18->28         started        30 taskkill.exe 1 18->30         started        32 229 other processes 18->32 process8
No contacted IP infos