Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
CjFaGVmupj.exe

Overview

General Information

Sample name:CjFaGVmupj.exe
renamed because original name is a hash value
Original sample name:48630e76e438952a2030f1db408993e088839a801243b5d42e559afda4189f33.exe
Analysis ID:1526556
MD5:889e6365d82a9a89b6c8c86d672b8f0c
SHA1:59e293623e4fb828a29fb982d5ac9a4f993abc3b
SHA256:48630e76e438952a2030f1db408993e088839a801243b5d42e559afda4189f33
Tags:DoubleFaceTeamexeransomwareuser-JAMESWT_MHT
Infos:

Detection

Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Disable Windows Defender real time protection (registry)
Drops PE files to the startup folder
Excessive usage of taskkill to terminate processes
Installs a global keyboard hook
Modifies existing user documents (likely ransomware behavior)
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious desktop.ini Action
Stores files to the Windows start menu directory
Too many similar processes found
Uses taskkill to terminate processes

Classification

Process Tree

  • System is w10x64
  • CjFaGVmupj.exe (PID: 6264 cmdline: "C:\Users\user\Desktop\CjFaGVmupj.exe" MD5: 889E6365D82A9A89B6C8C86D672B8F0C)
    • conhost.exe (PID: 6220 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 2172 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1748 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2316 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3020 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4588 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2504 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1420 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2676 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6596 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6424 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3320 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1740 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2000 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3020 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2256 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4348 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5664 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1596 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6424 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3220 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 404 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1196 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4544 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6204 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1312 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4192 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3052 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2696 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3152 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 764 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3192 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3020 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5436 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5664 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2108 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1196 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3060 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4548 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6984 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4888 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1596 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2212 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4296 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7112 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2368 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2828 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5300 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3060 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4284 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2912 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6204 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3020 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6208 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 352 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5844 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6344 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1396 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5776 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5756 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4020 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1440 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1196 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2784 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5264 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2056 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6568 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6912 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6932 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6480 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2084 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1020 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3412 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1596 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2676 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3756 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1060 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5776 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1396 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1984 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4020 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1272 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2648 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3396 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3236 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3796 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6404 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1420 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6932 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 332 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3140 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6480 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4040 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3052 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1740 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3320 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6344 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5780 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5376 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5440 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2848 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3176 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2176 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2252 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2920 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3896 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5776 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2336 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3916 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4904 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1456 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5292 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3336 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1196 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1272 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3120 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2800 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1860 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6384 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3396 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2932 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6268 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1004 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5480 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2164 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2084 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1668 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3636 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5968 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4408 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1244 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5436 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6504 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3220 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6008 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6964 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3756 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2024 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2176 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6072 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2668 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7140 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4020 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5800 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3344 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3684 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1456 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3288 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3584 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2368 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5080 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4476 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5304 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4092 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2800 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3060 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2364 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5348 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6404 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1508 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6912 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2692 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5168 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5264 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2484 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3084 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3140 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6104 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1244 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4280 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 732 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5324 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4348 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5076 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5844 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5436 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3852 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5672 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3128 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5812 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3384 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1640 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1284 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4048 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4124 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6596 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1848 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6176 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6180 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1988 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6260 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6312 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6408 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3632 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6536 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6968 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6580 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6560 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6656 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6744 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6816 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6832 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6788 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6888 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6996 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7120 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7160 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3176 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1784 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2104 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3736 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2668 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6072 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5756 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2648 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2088 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1892 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3588 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2368 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5496 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2568 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3156 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2996 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 888 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5292 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4080 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6516 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2792 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6348 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4476 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4128 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5300 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2476 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6020 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6480 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3888 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3808 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1004 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3384 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4336 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5460 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3812 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2200 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5124 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2924 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4852 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6160 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2084 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3412 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6204 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6564 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4588 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6760 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4040 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3496 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6424 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5040 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3652 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1748 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4348 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 3320 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1012 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5672 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1856 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2848 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3852 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4904 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3492 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2180 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3272 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 4428 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5500 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7736 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2004 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7596 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6352 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7588 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6180 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7760 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 884 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7440 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1988 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7868 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6164 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7876 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6176 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7752 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6244 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8312 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6372 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7432 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6472 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8556 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6688 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6968 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6772 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7884 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1068 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 5848 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1060 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8572 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6828 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8368 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6864 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8400 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6152 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9204 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7076 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8392 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7016 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8376 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6996 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8384 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6832 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8352 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1716 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2828 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 6812 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8360 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7036 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9212 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2844 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9700 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2088 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9556 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5696 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9848 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 4268 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 2368 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3336 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9084 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 340 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9828 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 1272 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9092 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5800 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9548 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3236 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9928 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 2364 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9448 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5924 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7208 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5080 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10004 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3732 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9920 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 3704 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9936 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 5000 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9944 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7180 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9952 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7196 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10200 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7216 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10192 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7248 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9012 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7264 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9976 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7272 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7476 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7280 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7388 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7296 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10208 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7328 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10216 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7336 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9960 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7352 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9968 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7380 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7484 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7396 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10600 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7512 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10424 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7528 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9188 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7540 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9752 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7564 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9760 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7580 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10432 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7612 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 7788 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7624 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8548 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7632 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10760 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7640 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9856 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7648 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10340 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7656 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10576 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7672 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10584 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7696 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10592 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7720 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10416 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7744 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 7900 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10736 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7916 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10744 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7924 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10752 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7964 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 7972 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10224 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 7988 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8216 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8004 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8800 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8012 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8224 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8024 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10616 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8044 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8052 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10464 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8060 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8080 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10440 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8100 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6268 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8112 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 1344 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8140 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10728 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8148 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9464 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8156 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10608 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8164 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10720 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8176 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10448 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8184 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10232 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8204 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 9456 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8248 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 6568 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8256 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 8424 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8276 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8284 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10472 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8296 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8320 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8440 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10496 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8468 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8480 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8488 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8500 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8512 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10480 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8528 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10488 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8540 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8564 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10028 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8616 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8672 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10012 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8684 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10020 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8704 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8732 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10036 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8740 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8768 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10456 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8792 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8828 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10780 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8900 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8908 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8916 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8924 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10788 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 8932 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8940 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 8960 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9116 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9164 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9196 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9248 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9324 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9372 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9440 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9472 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9564 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9576 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9584 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9592 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9600 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9608 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9624 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9636 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9668 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9684 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9692 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9708 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9720 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9736 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9744 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9820 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9836 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 9880 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10044 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10092 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10104 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10128 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10144 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10296 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10356 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10376 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10392 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10400 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10408 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10532 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
    • cmd.exe (PID: 10640 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • taskkill.exe (PID: 10824 cmdline: taskkill /f /im mmc.exe /t MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
    • cmd.exe (PID: 10832 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: Startup Folder File Write
Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\CjFaGVmupj.exe, ProcessId: 6264, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe
Sigma detected: Suspicious desktop.ini Action
Source: File createdAuthor: Maxime Thiebaut (@0xThiebaut), Tim Shelton (HAWK.IO): Data: EventID: 11, Image: C:\Users\user\Desktop\CjFaGVmupj.exe, ProcessId: 6264, TargetFilename: C:\Users\user\AppData\Roaming\desktop.ini

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exeVirustotal: Detection: 15%Perma Link
Multi AV Scanner detection for submitted file
Source: CjFaGVmupj.exeVirustotal: Detection: 15%Perma Link
Source: CjFaGVmupj.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: z:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: x:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: v:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: t:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: r:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: p:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: n:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: l:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: j:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: h:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: f:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: b:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: y:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: w:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: u:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: s:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: q:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: o:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: m:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: k:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: i:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: g:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: e:Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile opened: a:Jump to behavior
Source: CjFaGVmupj.exe, CjFaGVmupj.exe.invisible.0.dr, CjFaGVmupj.exe.0.drString found in binary or memory: https://t.me/

Key, Mouse, Clipboard, Microphone and Screen Capturing

barindex
Installs a global keyboard hook
Source: C:\Users\user\Desktop\CjFaGVmupj.exeWindows user hook set: 0 keyboard low level C:\Users\user\Desktop\CjFaGVmupj.exeJump to behavior

Spam, unwanted Advertisements and Ransom Demands

barindex
Modifies existing user documents (likely ransomware behavior)
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile deleted: C:\Users\user\Desktop\NWTVCDUMOB.pdfJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile deleted: C:\Users\user\Desktop\DTBZGIOOSO\ONBQCLYSPU.pdfJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile deleted: C:\Users\user\Desktop\FENIVHOIKN.mp3Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile deleted: C:\Users\user\Desktop\UOOJJOZIRH.mp3Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile deleted: C:\Users\user\Desktop\KATAXZVCPS.mp3Jump to behavior
Source: cmd.exeProcess created: 543
Source: NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf.invisible.0.drBinary string: \Device\HarddiskVolume3\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf
Source: classification engineClassification label: mal76.rans.adwa.spyw.evad.winEXE@997/171@0/0
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exeJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6220:120:WilError_03
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile created: C:\Users\user\AppData\Local\Temp\tmp.bmpJump to behavior
Source: CjFaGVmupj.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: CjFaGVmupj.exeVirustotal: Detection: 15%
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile read: C:\Users\user\Desktop\CjFaGVmupj.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\CjFaGVmupj.exe "C:\Users\user\Desktop\CjFaGVmupj.exe"
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: version.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exeSection loaded: amsi.dll
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile written: C:\Users\user\AppData\Roaming\desktop.iniJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: CjFaGVmupj.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: CjFaGVmupj.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: CjFaGVmupj.exeStatic file information: File size 9433088 > 1048576
Source: CjFaGVmupj.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x134c00
Source: CjFaGVmupj.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x76e000
Source: CjFaGVmupj.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: CjFaGVmupj.exeStatic PE information: section name: .msvcjmc
Source: CjFaGVmupj.exeStatic PE information: section name: .00cfg
Source: CjFaGVmupj.exe.0.drStatic PE information: section name: .msvcjmc
Source: CjFaGVmupj.exe.0.drStatic PE information: section name: .00cfg
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exeJump to dropped file

Boot Survival

barindex
Drops PE files to the startup folder
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exeJump to dropped file
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exeJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exeJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe\:Zone.Identifier:$DATAJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 579Jump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exe TID: 2536Thread sleep time: -193000s >= -30000sJump to behavior
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

barindex
Excessive usage of taskkill to terminate processes
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\CjFaGVmupj.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im mmc.exe /t

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Disable Windows Defender real time protection (registry)
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time ProtectionRegistry value created: DisableRealtimeMonitoring 1Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time ProtectionRegistry value created: DisableIOAVProtection 1Jump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		1
Windows Management Instrumentation		12
Registry Run Keys / Startup Folder		11
Process Injection		1
Masquerading		11
Input Capture		1
Security Software Discovery		Remote Services11
Input Capture		Data ObfuscationExfiltration Over Other Network Medium1
Data Encrypted for Impact
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		12
Registry Run Keys / Startup Folder		21
Disable or Modify Tools		LSASS Memory1
Virtualization/Sandbox Evasion		Remote Desktop ProtocolData from Removable MediaJunk DataExfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
DLL Side-Loading		1
Virtualization/Sandbox Evasion		Security Account Manager1
Application Window Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
Bypass User Account Control		11
Process Injection		NTDS11
Peripheral Device Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA Secrets2
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
Bypass User Account Control		Cached Domain Credentials2
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1526556 Sample: CjFaGVmupj.exe Startdate: 06/10/2024 Architecture: WINDOWS Score: 76 40 Multi AV Scanner detection for dropped file 2->40 42 Multi AV Scanner detection for submitted file 2->42 7 CjFaGVmupj.exe 2 264 2->7         started        process3 file4 34 C:\Users\user\AppData\...\CjFaGVmupj.exe, PE32+ 7->34 dropped 36 C:\Users\user\...\CjFaGVmupj.exe.invisible, data 7->36 dropped 38 C:\Users\...\CjFaGVmupj.exe:Zone.Identifier, ASCII 7->38 dropped 44 Drops PE files to the startup folder 7->44 46 Excessive usage of taskkill to terminate processes 7->46 48 Disable Windows Defender real time protection (registry) 7->48 50 2 other signatures 7->50 11 cmd.exe 1 7->11         started        14 cmd.exe 7->14         started        16 cmd.exe 7->16         started        18 294 other processes 7->18 signatures5 process6 signatures7 52 Excessive usage of taskkill to terminate processes 11->52 20 taskkill.exe 1 11->20         started        22 taskkill.exe 1 14->22         started        24 taskkill.exe 1 16->24         started        26 taskkill.exe 1 18->26         started        28 taskkill.exe 1 18->28         started        30 taskkill.exe 1 18->30         started        32 229 other processes 18->32 process8

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
CjFaGVmupj.exe15%VirustotalBrowse
CjFaGVmupj.exe5%ReversingLabsWin64.Ransomware.Generic

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe5%ReversingLabsWin32.Trojan.Generic
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe15%VirustotalBrowse

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://t.me/0%VirustotalBrowse

Domains and IPs

Contacted Domains

No contacted domains info

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://t.me/CjFaGVmupj.exe, CjFaGVmupj.exe.invisible.0.dr, CjFaGVmupj.exe.0.drfalseunknown

World Map of Contacted IPs

No contacted IP infos

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1526556
Start date and time:2024-10-06 10:01:10 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 9m 45s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:538
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Sample name:CjFaGVmupj.exe
renamed because original name is a hash value
Original Sample Name:48630e76e438952a2030f1db408993e088839a801243b5d42e559afda4189f33.exe
Detection:MAL
Classification:mal76.rans.adwa.spyw.evad.winEXE@997/171@0/0
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .exe

Warnings

  • Connection to analysis system has been lost, crash info: Unknown
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtOpenKey calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtSetInformationFile calls found.
  • Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

TimeTypeDescription
04:02:38API Interceptor261x Sleep call for process: CjFaGVmupj.exe modified
09:02:05AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\Public\Documents\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1340
Entropy (8bit):5.46205676928564
Encrypted:false
SSDEEP:24:4BMH/GILGr92/VSK9myhsQHOIRvWOUbatNiMdLaj2flWb3xnV5UdfgyxFBmayn:4BcGILGA8yFhRe78d+2NWb3NwfgynA
MD5:1EC0C0DCF8D54549B8311EA58D10F966
SHA1:88A61AFD50667650FE4A65A3A164436D1DE6CB71
SHA-256:3F7C8043554AC9F6B99DAFCFCD7AC9DCB5B400950E8295809C6ED42DB450BAFE
SHA-512:584C2B42DD835AFB7174E6BC2391E0346336E654BE9B8F7B6539EC93299459C846970BCFDD3EF6C108ADE19A3B73720C404E941A082120C5B173B799F3791B1A
Malicious:false
Preview:w.D.70...E.8...S?..T-......J....2.W...`]#..X?.a..Y?U.e. ..F$J?.y..h.p..j.H.C. .>..7;YN.......M!.%P.l... ..........A......r.'.i.N....$...aj.V.....{X=}.^t..K..b...[.......s..k..Q.#..l./.#.. ......}.]|j.m..g[..7`. ./..b.f.9Zbp..;wX.).5.|S-..;....d....W)!yJ0..i.D.(..{......ul.d.-....So....O.....U./---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113870b8d3c1bbd1d784770978b56261bd0119a01ed630d3565e6687e126b4b9204d2134f2dbcbbf098a0f629da99ddf4ad2a5db37e45608645467799c3a1f424cf2b75c697293a3b7a08ecb3653e61f7a178851290e767896a70c82c821d766c2e9ae3375239602ef3231ab6211a7c3693

C:\Users\Public\Downloads\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1228
Entropy (8bit):5.0730657434065325
Encrypted:false
SSDEEP:24:4BMH/GILGr92sjCsQHOIRvWOUbatNiMdLaj2flWb3xnV5UdfgyxFBmayn:4BcGILGAsjihRe78d+2NWb3NwfgynA
MD5:1135EA5034157AEC8D61ADBC8CC41E2B
SHA1:F31695F44C58AECFE3999697F7C84EAD61661819
SHA-256:AB83FB9D87EAD26E8A1A8F3BC5BDDBA1D6F514A84B2D18674CC83AAB05BBFC0D
SHA-512:FFCBB85E7ED8B52DB135768196C8F5DF5197F51FBC95A3807CFA5F060880F41594081E83EC4BE82A915EE0767D92A10A7EE3B59281178822C5774C1DF7608B51
Malicious:false
Preview:w.D.70...E.8...S?..T-......J....2.W...`]#..X?.a..Y?U.e. ..F$J?.y..h.p..j.H.C. .>..7;YN.......M!.%P.l... ..........A......r.'.i.N....$...aj.V.....{X=}.^t..K..b...[.......s...~..p.vC.A....V---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113870b8d3c1bbd1d784770978b56261bd0119a01ed630d3565e6687e126b4b9204d2134f2dbcbbf098a0f629da99ddf4ad2a5db37e45608645467799c3a1f424cf2b75c697293a3b7a08ecb3653e61f7a178851290e767896a70c82c821d766c2e9ae3375239602ef3231ab6211a7c36932fe349da10c87fc82129a90f9b9a79792b85ff5d56e206d9ea86801c8a2aec335e6b627510a52303bc962c296fa761de01bae47526bea922

C:\Users\Public\Music\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1436
Entropy (8bit):5.7591383254100945
Encrypted:false
SSDEEP:24:4BMH/GILGr922qBJ33KsQHOIRvWOUbatNiMdLaj2flWb3xnV5UdfgyxFBmayn:4BcGILGA2qBN6hRe78d+2NWb3NwfgynA
MD5:5F07939B9914773670D7B7C60CD946DC
SHA1:E3827A643F96665F6D5A642CD3F2E9EFFBEEA8B5
SHA-256:9D07BF553128ABBE9A93BA8BC353B128E70C9AE953CFD7047D0B527371E4C1FC
SHA-512:51D0A51B50F97330E96840832632D7E72EFB9FF0A7FCA085607C7C285E4FF756FEDC75DE9DC82071474143E8C48AB827AA9A82A4BBE37363A38D7E37F907EDB5
Malicious:false
Preview:w.D.70...E.8...S?..T-......J....2.W...`]#..X?.a..Y?U.e. ..F$J?.y..h.p..j.H.C. .>..7;YN.......M!.%P.l... ..........A......r.'.i.N....$...aj.V.....{X=}.^t..K..b...[.......s.g`...1..T/o?.`.J)!{....&.s...q.Z^....p.MQ.x...d.z..Fg.^U....`fCS..B..j...y..1#...> .<..$......B.";y...u\o;].&{M..4.|..4\K...*..........:..O..@5....0........9...d...Y\.......Qv.C?..{.........@u..+8.......uHVD.D....4---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113870b8d3c1bbd1d784770978b56261bd0119a01ed630d3565e6687e126b4b9204d2134f2dbcbbf098a0f629da99ddf4ad2a5db37e45608645467799c3a1f424cf

C:\Users\Public\Pictures\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1436
Entropy (8bit):5.734311414591963
Encrypted:false
SSDEEP:24:4BMH/GILGr92poF+N/jArsQHOIRvWOUbatNiMdLaj2flWb3xnV5UdfgyxFBmayn:4BcGILGApoF+N/jAXhRe78d+2NWb3NwC
MD5:147F6B4ADC21541C64839D72610CD6B2
SHA1:84E165C52A50BE050E46BDA049A84456D19DD6CC
SHA-256:344A01A879E0CE04DFA605BD3E592E7995AEC0AEF9473296AB7CAE3226DEBEE7
SHA-512:50B517817BF2449AD221B8EF32A130DC46259A50FCED80B244837871B3E771B3975C8C1BEFF88FCBBB078155E0CC8F2A89B0654EF076D46148690820A0A342B2
Malicious:false
Preview:w.D.70...E.8...S?..T-......J....2.W...`]#..X?.a..Y?U.e. ..F$J?.y..h.p..j.H.C. .>..7;YN.......M!.%P.l... ..........A......r.'.i.N....$...aj.V.....{X=}.^t..K..b...[.......s.....&.....D......q..t....:.U..6u...ou.h.m..^....5mK.J..y.lK...f.g..'.B.}..6...G@.p-Z..o.4[.....u.V....2........6.w....kN.e.....J.......ol1.2k.q.d.=...q_..xU^.a.........{.!A.Q.D.v!1.......b....T.%.......z..j.KE.---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113870b8d3c1bbd1d784770978b56261bd0119a01ed630d3565e6687e126b4b9204d2134f2dbcbbf098a0f629da99ddf4ad2a5db37e45608645467799c3a1f424cf

C:\Users\Public\Videos\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1436
Entropy (8bit):5.744174934372901
Encrypted:false
SSDEEP:24:Aj4IpcfiE3P7uLH87zR/ugEtjD3vsPh1L7Zm2QyDQ9iM62PFuBfZTgRsgWYfjDI:k5yfiWPBGzhD3U37EniMFduBhssg/I
MD5:1228D9B74D06C7A673D2538E9B8D4B69
SHA1:7C013C52D88179385FFF47CFD180D3F771E0BD80
SHA-256:08C59233C670543BBBB3F2A06CCDF049581DDF66FE83F7A60D10E0D2C7373C56
SHA-512:BD676760F1340B5FF434DC208733EC6BC11F65EC1673F16DA85A2E05D316ADFF9EFDDBC586C2BE87964E187B6D6FE7F2D0ED88AD042387C781BA7CF49CEA4A00
Malicious:false
Preview:z(.y*.....%dj...7.6..<..Fk.(..J...h^x.......MJ.bP<.$.S%..........<.?%...O.?j.g.?....%.d......j.$......y......g....gVG.P....evM..1. ....,..Vp...e.C...'.S.\..sJc..N..E(.H......@G.Ef....*.I..t.c.m.c'a!`.m..s.....!42l..O.M...... ..K.'.X..q.|..K`.I....r...x.9c5.N..W.lD!...I.TU*...*C.t......h<.......w...w..>...V$D.#.k.(...mPA~:\....gq.....E...W....zu..3_P..M.....@].6zB......(.*h.....e..---*8+8*---9919f11dee86088b73bff58b97cf74f8ddbb0124a0f6d11431c392a6623d34c7f2d699ccf98944b577bd833ecd6078cf2e798502e372e42916922f6aaa5e1617d384080aa5a07c6dcf60aac910ffc37a1a6928d5fa2060eb51be0cb943e31f98abb87fc2ee146c8b8d52cf86741717f23b8f3e61bef6608d6dc886f4b390ec13fe31bcbbc1c4221d9c0478deb2c11b8fb92196dc9c672c019dd6180a6f10163b5411babd5a2b4ec89db171f6b314a0008593c485c5ba70d01ab6a469d756b324c74ff7c24bdfa0a6aeeacdc9e877dd657c8b24bae2551a63d43357bf8fb52a186ddc3624383271519156fa9f8683fe363b3c4c5e2daccfe0bddd6056bac362b0121387d0bd2fa8123df331114577b5a4c1d21069a1fe45df41969e2dd7293fcaac671a58383f0

C:\Users\Public\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1228
Entropy (8bit):5.055199557396876
Encrypted:false
SSDEEP:24:4BMH/GILGr92NsQHOIRvWOUbatNiMdLaj2flWb3xnV5UdfgyxFBmayn:4BcGILGAJhRe78d+2NWb3NwfgynA
MD5:ADFABD3DD0A402D699ECDC1058E7EBF5
SHA1:4345B8449BFF7E9964FE381E7F195F9359F29B14
SHA-256:BE7F57312913FE9DCFD6A588363A574AB7D0FD7570B0BFB58A75733F33EB20B6
SHA-512:97DCDD52CF5A630942B86C763D034BCEBF747ECACC24A0AE2262A3FBDC433F0C868BA01A75F73F45026C4E63CE0966ECF72EBA2D01FA24B1E4A5A8CDCF75E8EE
Malicious:false
Preview:w.D.70...E.8...S?..T-......J....2.W...`]#..X?.a..Y?U.e. ..F$J?.y..h.p..j.H.C. .>..7;YN.......M!.%P.l... ..........A......r.'.i.N....$...aj.V.....{X=}.^t..K..b...[.......s...63..h.w.i.Z..---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113870b8d3c1bbd1d784770978b56261bd0119a01ed630d3565e6687e126b4b9204d2134f2dbcbbf098a0f629da99ddf4ad2a5db37e45608645467799c3a1f424cf2b75c697293a3b7a08ecb3653e61f7a178851290e767896a70c82c821d766c2e9ae3375239602ef3231ab6211a7c36932fe349da10c87fc82129a90f9b9a79792b85ff5d56e206d9ea86801c8a2aec335e6b627510a52303bc962c296fa761de01bae47526bea922

C:\Users\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1228
Entropy (8bit):5.088662230881962
Encrypted:false
SSDEEP:24:hHrzT14xGUfIpf69XLaKcd0xFwrq/K0XGthtS/86/MP6hlqF5FlQmEqPI:JzT14xGUg0Za7MFz/KeKhtShMGwY
MD5:25F1C09D813AD02139593ACD0F800C62
SHA1:2134F35D0DE45FB757FF0AE962166432714316EB
SHA-256:E0F22F658F8332D4C509B97BD098D2E96ECE06DDF8AEE3FDF04ED24A59AD29F2
SHA-512:AF008D2F2781EB19E2B3842F6FA67253A44823D11F22B1D9AF2C5743E6BA5848597B51DA7534C7091244380689958D9AFC7EF20CE90515F12C70A19B64819F33
Malicious:false
Preview:W.8.;..H.^.}l...o`....._..b".....sv..y...W {.........zE...N.....AV....%[......+.V..1I@.2..........r.m....~........_...t..).".U..I:.S..|C.k....$......-=.........s..9..P.~w}...W.I..a....---*8+8*---7659e66960fd5d36a9d1b2c9e06375be7fa52ccee2ac71e7a3180c85f28e27af1a43cf3c7137a7e7c2e25c69cc5559d873359d2f5770d9631a7ecf354dfea0f5c3e432526fd24285c4d6014f5523021a5e4d13d06eba7bdcb23263ebac6ae76980c914764014d30049b5bd71d5733dac8ada7f7dd84cedfad4fe8987c3de6481f07453980ffe25c57c8b1f731ce1ecc13bf228df1b029e5958bda46ec4cd4e66fa7fe93c9839e3738e3ba24b842a8d2b38c8fe9c9011546d0f440a11a9b99c1428ab9b4ada81b6f27d6fe43d5e8321bd185fba31b152baa381f729f7c77eea2401755babed5fde133a3ea30d9be35d7c60181aeced95c6ee5d281c72bd501346f8547460dbed91b76fd4ff684d9e286845acbd2d9f50e3f680a3b6de969491f27ce3d991aa72435b436f22aa1157569e8bc7060979c8881dfc90d36ed40443b3b2937002f7f54c72ef60d685333d656080841b8406403a90cecaf343a1ba43666e884eac3305c7e1e76a3f067eb5eb01f828b17dbf05294c6a0506da7a956c8f4fc0710b64893184a8af02a05f84f

C:\Users\user\.curlrc.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1068
Entropy (8bit):4.255320889739116
Encrypted:false
SSDEEP:24:hH5f69XLaKcd0xFwrq/K0XGthtS/86/MP6hlqF5FlQmEqPI:qZa7MFz/KeKhtShMGwY
MD5:EF605768FD40F76E234B6E6A77EDA40E
SHA1:1D24B29D3D226061860658E87B30469A8DC0F6EA
SHA-256:7D79DB94EBD3C31F1A608D755129769E8ADDBF99ABD5ED4FB220B7235CC37007
SHA-512:0BCED2DCD89D9AF5BF9CB3A975DE6E3EC309C65E20DC14E7574A880E02FD548C374318E81D6F385EB880F4CAACABD52670D252DC9B1504104D21CDA7665FEDFA
Malicious:false
Preview:W.8.;..H.^.}l....4.@!'..UR.?..F.---*8+8*---7659e66960fd5d36a9d1b2c9e06375be7fa52ccee2ac71e7a3180c85f28e27af1a43cf3c7137a7e7c2e25c69cc5559d873359d2f5770d9631a7ecf354dfea0f5c3e432526fd24285c4d6014f5523021a5e4d13d06eba7bdcb23263ebac6ae76980c914764014d30049b5bd71d5733dac8ada7f7dd84cedfad4fe8987c3de6481f07453980ffe25c57c8b1f731ce1ecc13bf228df1b029e5958bda46ec4cd4e66fa7fe93c9839e3738e3ba24b842a8d2b38c8fe9c9011546d0f440a11a9b99c1428ab9b4ada81b6f27d6fe43d5e8321bd185fba31b152baa381f729f7c77eea2401755babed5fde133a3ea30d9be35d7c60181aeced95c6ee5d281c72bd501346f8547460dbed91b76fd4ff684d9e286845acbd2d9f50e3f680a3b6de969491f27ce3d991aa72435b436f22aa1157569e8bc7060979c8881dfc90d36ed40443b3b2937002f7f54c72ef60d685333d656080841b8406403a90cecaf343a1ba43666e884eac3305c7e1e76a3f067eb5eb01f828b17dbf05294c6a0506da7a956c8f4fc0710b64893184a8af02a05f84f365a41648f53768e45c516e78e2aa52a13633c9d8529a54202500fc5884fd02d2dfba77b6470fd5097403dcbf9a92ea72e37c3d4e7849e6f667c3ebda85b9c83114e195b0cdff885773f61c7f640e580

C:\Users\user\3D Objects\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1356
Entropy (8bit):5.554306532719494
Encrypted:false
SSDEEP:24:hHrzT1YQfjLouf69XLaKcd0xFwrq/K0XGthtS/86/MP6hlqF5FlQmEqPI:JzT1YQfjLo1Za7MFz/KeKhtShMGwY
MD5:6201CE2A0DB8D4F898AE688EB1DF916B
SHA1:FA98D6770FA512091331DAF6A095AFDFECF45D41
SHA-256:C2ED7DB5EF97EE7657ABB00597DD01FF5FED99F47E008E2C9F15C376FB46FB97
SHA-512:3230B47D69ED048ACABA652AD34EBD994931FA2F80FEFFF6EBEF9D221ED8BE9192E1E21A0FEDC20693FA0DFAB444322670F876ED95271BE891CE40C0EE8943FB
Malicious:false
Preview:W.8.;..H.^.}l...o`....._..b".....sv..y...W {.........zE...N.....AV....%[......+.V..1I@.2..........r.m....~........_...t..).".U..I:.S..|C.k......+........i...]...D.........j..J.5.S.3T.C.F.kpF.^T..5. ...R.vm...wn..]...*%......Sy....<.C..!&~B..h.ze.).1...X.<./o.;~..K..T...M.K.o..2OP.v...0.b/.j&.,.C..aQ(.~5m..---*8+8*---7659e66960fd5d36a9d1b2c9e06375be7fa52ccee2ac71e7a3180c85f28e27af1a43cf3c7137a7e7c2e25c69cc5559d873359d2f5770d9631a7ecf354dfea0f5c3e432526fd24285c4d6014f5523021a5e4d13d06eba7bdcb23263ebac6ae76980c914764014d30049b5bd71d5733dac8ada7f7dd84cedfad4fe8987c3de6481f07453980ffe25c57c8b1f731ce1ecc13bf228df1b029e5958bda46ec4cd4e66fa7fe93c9839e3738e3ba24b842a8d2b38c8fe9c9011546d0f440a11a9b99c1428ab9b4ada81b6f27d6fe43d5e8321bd185fba31b152baa381f729f7c77eea2401755babed5fde133a3ea30d9be35d7c60181aeced95c6ee5d281c72bd501346f8547460dbed91b76fd4ff684d9e286845acbd2d9f50e3f680a3b6de969491f27ce3d991aa72435b436f22aa1157569e8bc7060979c8881dfc90d36ed40443b3b2937002f7f54c72ef60d685333d6

C:\Users\user\AppData\Local\Temp\tmp.bmp

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:PC bitmap, Windows 3.x format, 1920 x 1080 x 24, image size 6220800, cbSize 6220854, bits offset 54
Category:dropped
Size (bytes):6220854
Entropy (8bit):0.023659002560192918
Encrypted:false
SSDEEP:768:1MJWWWWW19999999999999TsDFo99999999999990:1MJWWWWWUDFt
MD5:C09F3B2A45D2AFAF362AB1B4B488EC29
SHA1:C20661F43F785B8AEAB34BFE01D89774CC04B1F9
SHA-256:154D1781B19070885989F92C1F77086E2E06DB413EA95E1884BE39570B80343C
SHA-512:052F198462CFBDDBA68CAEC31AC7A4372AFD8808E97A4D22D6C8C9D80B80E14CAAB43E81307036842B80CCBB16B3B8881164BC0F4D9FEC5A5442CBC832E94383
Malicious:false
Preview:BM6.^.....6...(.......8.............^...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\0850066689

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:ASCII text, with no line terminators
Category:dropped
Size (bytes):36
Entropy (8bit):4.173416585305445
Encrypted:false
SSDEEP:3:oNt+kiEaKC5SK:oNwknaZ5SK
MD5:D4DC5DBB4716A7BA0C2E8554C83E1B16
SHA1:3D3EDC2198FCE4D563E10AB8D134933399545752
SHA-256:4372BF4F54A8CB52087976B319E1CB39AFF0ACC345D83550244A23F44C8FF59E
SHA-512:87FEAD96A3354CA298F499B32FDAC5B48A70DDAB8E8E7CD22DD1F7F2E245D79A1FACE6B40E524C2B2B9EAE50224AFB34B0A1E5E86FD1F1AD8FDFFBFBACEDC952
Malicious:false
Preview:C:\Users\user\AppData\Roaming\Micro

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):9433088
Entropy (8bit):1.6241734188941572
Encrypted:false
SSDEEP:24576:i09gMRNaC6s6Hp15O3N22845VjpQaRdQtzHmhwFb+a:nWAd6sQp15/VgV9RdQxHmhwFb+
MD5:889E6365D82A9A89B6C8C86D672B8F0C
SHA1:59E293623E4FB828A29FB982D5AC9A4F993ABC3B
SHA-256:48630E76E438952A2030F1DB408993E088839A801243B5D42E559AFDA4189F33
SHA-512:CAE479080F68F4F935A0694A5F948675C5C4BE1A5DBCF437512AF7F0CA801A129313DAF915CEFECBB62484B90C0579D1E50C9C4951BCC84DCDF5C814A8B231C0
Malicious:true
Antivirus:
  • Antivirus: ReversingLabs, Detection: 5%
  • Antivirus: Virustotal, Detection: 15%, Browse
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.^..k0..k0..k0.@.3..k0.@.5..k0.@.4..k0.@.1..k0..k1..k0...3..k0...4..k0...5.7k0...5..k0.....k0...2..k0.Rich.k0.........PE..d......f.........."....(.L....}......:.........@..........................................`..................................................(..x....p....v..P...............P..........................................@............ ...............................text....J.......L.................. ..`.rdata...C...`...D...P..............@..@.data............6..................@....pdata..h....P......................@..@.idata..."... ...$..................@..@.msvcjmcF....P......................@....00cfg..u....`......................@..@.rsrc.....v..p....v.................@..@.reloc...M...P...N..................@..B................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CjFaGVmupj.exe:Zone.Identifier

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):26
Entropy (8bit):3.95006375643621
Encrypted:false
SSDEEP:3:ggPYV:rPYV
MD5:187F488E27DB4AF347237FE461A079AD
SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:true
Preview:[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\desktop.ini

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:ASCII text, with no line terminators
Category:modified
Size (bytes):5
Entropy (8bit):2.321928094887362
Encrypted:false
SSDEEP:3:Lk:I
MD5:1766FFF4851AC9C11F3200477FB8CC76
SHA1:AF8445FCC379ECEA22FA19CD624EC14CD5A20FF7
SHA-256:93A7AEF5296E288F3A39F8C1C0DCB8935C9657F5C87378408E5D1910444E7C70
SHA-512:44C8AC41730D1AD36ED943DCAC2AFD02379D4F7C4BDDACF7899ADC5837B4B4B3D8425C7BF957922F900CBB9F9EB9CBC9A727A58442D905991552C0B7F5AAFED1
Malicious:false
Preview:17926

C:\Users\user\Contacts\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1468
Entropy (8bit):5.862735944380513
Encrypted:false
SSDEEP:24:hHckRehTSOFx51f69XLaKcd0xFwrq/K0XGthtS/86/MP6hlqF5FlQmEqPI:xReGOFxiZa7MFz/KeKhtShMGwY
MD5:7DDBDB466F3572F7150178AA7DBC3B5F
SHA1:CD6C0E20E220418357D2969808A408F65B203027
SHA-256:4F154C4E815185B9D0D7B66078AEBF52AA800502BEE4A36D0204DB25A08BE741
SHA-512:B4BFD20E79D41E78CE9729DCD5326CD46AA6C1D7515A2819483670F150E39A4980891FCF9DCE8BB43FD66FBECA176C026D1D331A7A3281A4BADB25C032CA7D2F
Malicious:false
Preview:W.8.;..H.^.}l...o`....._..b".....sv..y...W {.........zE...N.....AV....%[......+.V..1I@.2.......:R.J....A.)...|.s!.....X. .>..j.=....o..O......L[q9en..x........\...A.;....>..2M..U.....^...vU...P.T.....%.kzt..k_Ys;.......P...9..:V....u..sn4j..}.<].%.e..~.......i..o.<+..2.id.....7....t..4m.ne......Qu....w8._s. .Qk.J..&%:T...p....l..hA...5.>2.<8....,..|s.t.:......7H.........ux.j..l.,.Q..M..X.QS..#........L......---*8+8*---7659e66960fd5d36a9d1b2c9e06375be7fa52ccee2ac71e7a3180c85f28e27af1a43cf3c7137a7e7c2e25c69cc5559d873359d2f5770d9631a7ecf354dfea0f5c3e432526fd24285c4d6014f5523021a5e4d13d06eba7bdcb23263ebac6ae76980c914764014d30049b5bd71d5733dac8ada7f7dd84cedfad4fe8987c3de6481f07453980ffe25c57c8b1f731ce1ecc13bf228df1b029e5958bda46ec4cd4e66fa7fe93c9839e3738e3ba24b842a8d2b38c8fe9c9011546d0f440a11a9b99c1428ab9b4ada81b6f27d6fe43d5e8321bd185fba31b152baa381f729f7c77eea2401755babed5fde133a3ea30d9be35d7c60181aeced95c6ee5d281c72bd501346f8547460dbed91b76fd4ff684d9e286845acbd2d9f50e

C:\Users\user\Desktop\BPMLNOBVSB.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.756189763346899
Encrypted:false
SSDEEP:48:5bSN1T7OP6322NZZBgAbQZa7MFz/KeKhtShMGwY:5s1TCymMZBHsZaoFrKeK6hMBY
MD5:C25599DB918319D91BF69E7C35E27FCB
SHA1:D4E990C68062F6722AA18E5317A450C62D5E8AC9
SHA-256:C73792A97FBD892AFDDD8BE87C3BA72EE9247024E07ADD5F8681B7B280E39117
SHA-512:9CDD6FBE4DD1A39F0E055F9BC3DB073E0BF64A023A9BAC204486197EFFB0A088018A23E2AD56EC2C5270E6722CB286AF1C0BA666542D4A707354EC3E7031C7EC
Malicious:false
Preview:W.8.;..H.^.}l...a.XL.]...Y5L'....9r..)..$S.PpogU..R...(<*p.......G....$..`..H+.Tq......h.dW......Q..T.........b+.S..K.m...l...<U.}r.p..GTIF^..L.).b...TB..r..Y..b;...`.sa[.v.(.$x..V-....@jx.GT_........2......Xj[.v.D.iUC.#.l...=.`=..E.R..Jyc..../T.v.z...QR.}.kdN.0BIq.!tD.o...,E...Lmi.!.......C..ka ...sVrM.....D..G....9.'.....V..SB..3.....%.].].sq.=#4v..|(hK\o.:...1.+......3...W..@{....Z%JU.../.Z.@.Q..O..6.0..Q.|tX.T.'XHZ..2k.U.h..E.D...M...B...].B.\..wP.s.rs;dc...\w.+O$v..9.B...I.X..T.\..E..a^.K.Vi.@.....dW:6.Qr8....y.5...2...JqU..)6`./&.1!g..R.y..#.......Cu.$.....^..x.I.U..\..e(.}...^f.(..a;...hY9)7.......!...%..l...fh.y5.;M.H.-....6j......cF\o|(....sI.W..$f.%r.c..,..+.q.Tt..gG...b.s.TK....A2......3.T|4..c..|..U?..........a..W.!.7O..@...zQJU..M1......3.eK..$....D..:....L-..s.....N?C.@j\..SS.?X.N.....a..........A<..1...o{..b.\.<.Pi.....8M.....{..S.:Z..-Y*..P....:.{...G....l..Ep..S.?.E...{.+...:...~}$..wXz...p...F..Z.c..=>H]2mc...

C:\Users\user\Desktop\CjFaGVmupj.exe.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):9434140
Entropy (8bit):2.5672928341761807
Encrypted:false
SSDEEP:49152:m4Q6ssprEHQEwmvOm3+xnTH79TuQ5Hugfo9Rvuw:mXOmuxnTHj8vf
MD5:588C7E69A4F31D527E27DD310CA46B69
SHA1:3C10FC3509426E5D8BD33F3EC2779FD968C09D76
SHA-256:EA0AE3E7F53E5E150A15CC3E2839F9DC18FDBEC003CFEF8669F4B5558B3EAFB9
SHA-512:9A6FD2E100ADC22EE7BD0231C714C257143E96895A0F06B0D0C2C2F2F0D27F954A5AA276C5F49B8ABC50692CD6DA1CCC520B18826DF1BD3548464176AD5F662F
Malicious:true
Preview:.....z{....mS.0C<.:'.$".........R.w.>J9S.Rb.....'.qF...*c..*........E.x..[.S.&.;s..^....`.C.J........ky.PF.Q..>sj.f.q~eV........?R...r!7..f5.N......O.FU.B.9N.......I..R.-...|..f.^.i1.........R..3m...r.....7.q......|.dL.ma..d...].uP...W.........2..U..=..SEP.l.t.....E...6.-.'...0V ..wH}..vu...1..TH.<!......i....<A...A...k... KzB....T.....c..s..R4....I.HB....Q..#..9Q..`..G...L9..seY... ...s...bd".A.^o..H.1.vH...j.z.F....L../-Ni=....=L.S>.j@....&.C.....[...f..F..X...U.3c..Q.&.lA.m....i...&y.?rWu..i.../"`..E..(..>..%.......P.....qa..F.@.nm.r.!L....c.h..R....;.....|..+,.. .U&...S..~M....../.Y..u.P..........-.Z.N.K.....5...k..~..C..3..k.K.N]....e$.....y9-...!.].W.,...CT..N.}gd...... 0..=....%.6......6...J.-...Q..Q..9..{.G..,.R.....I.x....oJk..N.........B...G..0....j~P.oQY-n.....RI....[.s.28.<.&.3.^%..k.........X...Ei.\.OQ.........h.t|.,.R..."...'}v.m.M).R%....@X..bL*.F;(^....9.(.(....P2h.Rv...o+.1............[..........8........_...}.o...s...

C:\Users\user\Desktop\DTBZGIOOSO.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.73267529082535
Encrypted:false
SSDEEP:48:3K/fe0lcDhc0nY0dvaoWeUS7LBArxilxB7WQzBG527CGDmvo:6ne02Dhc0nY0NMeUUNWQ0MCUmvo
MD5:DBD6EE931BD2560FB5105B2E963E5823
SHA1:8A8E37212972298063AE684329EE4AAF9E48137D
SHA-256:185515E0B82D67380C8D42EB65CE9B30F585391975E7EDD4254CEF829A650C98
SHA-512:DD395EA89A01FA49C8065F9622813F791B4992A7FA35417AA8F35284ED4BBE33DF627C7C10C38E3E0C590B9D760E8E0F9935F4CC340DDDB6FB2A68F1421FB21A
Malicious:false
Preview:Z(F.-.2..q..fB.{,.......h6...tlB.".Z....u.t.t\hk#.O=D.E...,..4Cj.`)..v|...r..)}\..8%..V...0..N..z..;*...D.I+..a.~.c..?../.?.:...zB\..#...,T.....H.c..Cxs(TQ^k....{......b.1[..b5}..G.v....W...5......J.....(a..i;.|.p..+..C........c{.Az......O.!..3P.`....p...w........Lp[=k.E..&5.Sanky....a"...S............Q.L..v.s.<{............b....t0.M.?o..~..5.....n.qE.}I.>vtH..3...)`...=..[Z.fc^Bxeq...> ...y..g=.C|[....=a...c..o.RU.M...\.........5.*.-bA..{..B.K.6..A.-......0.v.......K.2..5.1......x..$.V.Z#..-.HD.H..`.......}v11HG.n.C.V...c.:.....$.3....4.......A.....Y.t...x.K."...n._.)I'......W./..ct.h.:......O.p!q.Co....Q..g.....Hw.b.]...W.J."J.....SO.h.&*.7g...*C..kYK..1....[.B.{..KP.\x.O..........2..x....7..A......Ro8n..qh.EJ.,P....aDmn.fw."1b..0....-.s,.nEd..(...Q.g.f.z.a.j.v..d..R.W..-..8Ra..S..........H.....M..+.......\#.v.D....>..^.I..J..B.q.Fa..pU...F11^.8.1.7...+4.j...2;7.<.9.E|.n......1BY.z...:.a.Q.9.>S....G.......uXv...=.....adEX<il&....2...

C:\Users\user\Desktop\DTBZGIOOSO\DTBZGIOOSO.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.73267529082535
Encrypted:false
SSDEEP:48:3K/fe0lcDhc0nY0dvaoWeUS7LBArxilxB7WQzBG527CGDmvo:6ne02Dhc0nY0NMeUUNWQ0MCUmvo
MD5:DBD6EE931BD2560FB5105B2E963E5823
SHA1:8A8E37212972298063AE684329EE4AAF9E48137D
SHA-256:185515E0B82D67380C8D42EB65CE9B30F585391975E7EDD4254CEF829A650C98
SHA-512:DD395EA89A01FA49C8065F9622813F791B4992A7FA35417AA8F35284ED4BBE33DF627C7C10C38E3E0C590B9D760E8E0F9935F4CC340DDDB6FB2A68F1421FB21A
Malicious:false
Preview:Z(F.-.2..q..fB.{,.......h6...tlB.".Z....u.t.t\hk#.O=D.E...,..4Cj.`)..v|...r..)}\..8%..V...0..N..z..;*...D.I+..a.~.c..?../.?.:...zB\..#...,T.....H.c..Cxs(TQ^k....{......b.1[..b5}..G.v....W...5......J.....(a..i;.|.p..+..C........c{.Az......O.!..3P.`....p...w........Lp[=k.E..&5.Sanky....a"...S............Q.L..v.s.<{............b....t0.M.?o..~..5.....n.qE.}I.>vtH..3...)`...=..[Z.fc^Bxeq...> ...y..g=.C|[....=a...c..o.RU.M...\.........5.*.-bA..{..B.K.6..A.-......0.v.......K.2..5.1......x..$.V.Z#..-.HD.H..`.......}v11HG.n.C.V...c.:.....$.3....4.......A.....Y.t...x.K."...n._.)I'......W./..ct.h.:......O.p!q.Co....Q..g.....Hw.b.]...W.J."J.....SO.h.&*.7g...*C..kYK..1....[.B.{..KP.\x.O..........2..x....7..A......Ro8n..qh.EJ.,P....aDmn.fw."1b..0....-.s,.nEd..(...Q.g.f.z.a.j.v..d..R.W..-..8Ra..S..........H.....M..+.......\#.v.D....>..^.I..J..B.q.Fa..pU...F11^.8.1.7...+4.j...2;7.<.9.E|.n......1BY.z...:.a.Q.9.>S....G.......uXv...=.....adEX<il&....2...

C:\Users\user\Desktop\DTBZGIOOSO\KATAXZVCPS.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.7871289391882295
Encrypted:false
SSDEEP:48:nO7+qS/w7bWVhnyuEo4hrluaS7LBArxilxB7WQzBG527CGDmvo:nO9S4on2oyoaUNWQ0MCUmvo
MD5:AF70217F846CCC6964B6CE24891932DA
SHA1:690D23236E073CAAAAD9732EB3726BF18DCF35C2
SHA-256:E0564B0CA2CF3FCD27A137A935B891300DE5AC34556C0C161F03844DA94B9C1A
SHA-512:A8884E61D538F4E14C8C980D931348226C32BC0F25739EA3C07B02FD79BCBA863BE71611AC54595BE0D867CE9F2EABEE825F8EA6DE7B2A275A3B0C8A5B52BB70
Malicious:false
Preview:Z(F.-.2..q..fB.u.F.Z........sb.'..#AS.^..0*X....YSB.8...3.v._."a.G.......>..^....<...<x`..j.:..y.$y.>...X..{.......6...u[.........HV..k.J.B.>b..jx.G@Gp...2.a5.R..l.........I>..7.h...^.~h..T.>.}.?td...!#jw.z.vWt..I|hYN......]#.'+./.{.1yg.b?..C}'.F....S..G!..`>..Q.U.@...;......C[.M.[..XA.)Z.......3h;......``.\<..:..V..W.b...{h....(...T.g..3..e.."\l*..Nmf?.+....y...4wz.m...~.7........$..d&c{.d.....q...8..i.3{..K......#...Ud.Nq`.t..2....)...X.Ew.[...>.cD. ..A.z.W.o=.wx..C.T..r.G..*|M...;.m..'F.....y..Z.........._"....E.Ney...|.]..)..k.L.e...z.x1.....w.r%.IP.h..y.w%.....aK..F.R....s.7..p....~..0.......4..*..G....V...S.uk.F.;....-...$1t..m......L...a..i.La.yM+.*y.,.q8K.p$.{..H...%(...".G....Q.$.......c.{..E.N.}..6....@.."j..........9.L|....Sk%I..?..T........].&E..X...a...y...\.i.p.....l...AG.)w.n....{.......N..{.y....!....gD.R..=.o.%>`.y...$C...7.+.'.j.....W....%.V6.....OXN.@...C..T.Pe.>..k.n.6y.m.....1....V..;!......F.....l..

C:\Users\user\Desktop\DTBZGIOOSO\ONBQCLYSPU.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.743229116180607
Encrypted:false
SSDEEP:48:zo3gsxKI9U0BNw7OS7LBArxilxB7WQzBG527CGDmvo:z9SRBeiUNWQ0MCUmvo
MD5:DADB454121BF02A4AB1F3498B3832FAD
SHA1:20A27C17E1930F3D88D5ED9B4C5D261E014C1CE4
SHA-256:73C3D999C6C95051B673C2D6E68805C106001884A0220C8C00264E6EE5E61927
SHA-512:0B773D50B6539FAE1B87BC10BE2A62018F2FBA99938FBFBA0C3C154C9D23C72D73EC6131962FC1B5BCCF55FCD96FD42E29D123078B1EC5446F333FBFE5875048
Malicious:false
Preview:Z(F.-.2..q..fB.2.Lo5{e....mf.....J....M.W..:d.w.e..Ek..4....y5P{..J......[.l..@.M9...B_`dYuMx...^E..!f....$..Fz...../..N.w<7...[..;.w.l%T....x=QQ..lv/O...j......;..x.......)u./..h..:.f_....P|`..;.....g....Y...j\`..,o..(+..h....~ujM..t..h.gJz..0..z...d..b.....QO.....0...QA&.....~...E..H.ky......A.a....y.G.....G1..............B..>#.......+..]r.B.I.6.Z8..E.....E.....F....u..M.G.:..)1...1...7..u...@h..........ij.*.y.d.t.37..J..n.H.E..u4...9..P.....!....O.m.,%.l.*.?oy,....i.}.@..Z.>..*.z..,$.U..>..v.YYfPV.S..9...a.......$.G..n..0.1..3....B.Zg...M..e.,..)...,.].R..n]....>.V......jX..o....}7d4D.....-....\..O<.K...M......g.88a..h..$Y.GU.....5._=..F....8nZ-.Q`..,B.........?....]. .%..)O....t...|C...hS..N..jn..[?..v.].V;%.i|..0.,..61Iy......7.I.nu..."...vX*....O2.l...../jX..S...6g.|..cczb...)m...a.~.v>.....'o...Z]...$...S..C.|..D.G.z..M_....iT.z,......%|.p.+.f0..gp.....IHC<...3........K-$....!....q.u...a........9L..:rn....o...=..$//..6....

C:\Users\user\Desktop\DTBZGIOOSO\UMMBDNEQBN.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.760072057471267
Encrypted:false
SSDEEP:48:zxSRsVolTL7+kroQ5LS7LBArxilxB7WQzBG527CGDmvo:zw4YP9roQ9UNWQ0MCUmvo
MD5:ABACBB67FBE15AD6BD2CE8A3813C292F
SHA1:A00E29D1DE828E391674B7FE0853F26E0660CF80
SHA-256:0507C8B7E8CE1AB25ABC0D543907D40BE7E169EA453D54076434FF66C25FFBCB
SHA-512:36EA9B12C7E1A274E64F70EC53E123F370164A013FD48458F18D9715FCBE2976889C592AA6858B01A4247C77724CC69DA26788A9B4118C17E1E5299C3C8C1B0F
Malicious:false
Preview:Z(F.-.2..q..fB....X.y......Q...F.u.Kz..~}g....m.......#%.RB.zi5.....[u.....x......;..a...h...g..% ..~...m..|Zqv[.:i.DX#.:.I..K.)@;....TC....H...A..y...r...c.t.^\0.o-.c..?..... ..J"G..,.p.P..oa....>..>.....0..cT.1...P..'.PYN0...H...J....T..^R^Nf.......I....Nu^z~1(....SD.}..(.]Y...b.....l.v.%.1.WJ.....x...J..z.@.^..2...&U?.4X.GH.."..5L..)....U.n..>....p.0y.d.S.R'.0.....*..\....7.7.j.N+.....%;hv,4)..k..%.....I......In.[..".p.5....M=.W..X.o{X}.].......y..?...w.!k.%...!m..JE..8....9W.{=s(......1..%...L........yj5+p.....3.......0..Q.|!.}B~...U.]..j5..\..yR2.?&&.D......>.C5.;...;YR..w..v..N.mA....u.....xy.q.>.....X...RD.Y.-......G9.E..h>d..R.(n..U.....Y.".X..\P.H.R......lU..X.....H.Q..Y...?.R;c.!..Gi1..U..A...ASn.z......X.UH...Y....u..r.....C.i0oa.#/4+n.mO.*.................J..hgb..w...p.9y.S.%..h..C5.....9.OL.M(....p.....n.L..J...C.!.0...c..i....@K..1 ..=j...M.](_4r..4TVh...(. ..%7...f6.9n.p~. ..".......z.|........<..,....).%...ey>M.s...;.

C:\Users\user\Desktop\DTBZGIOOSO\VLZDGUKUTZ.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.771045125473332
Encrypted:false
SSDEEP:48:HOpmQvBS6wC+i+IrQS7LBArxilxB7WQzBG527CGDmvo:HOVS6wWMUNWQ0MCUmvo
MD5:8ED63DD1CF3C1142108DAD5395E1A5AC
SHA1:3C1F891ACEBC42198152593289C2AD8572456740
SHA-256:86FF74E9322A2F17CFC0B33BA0D730ED7D6B10348A5578852035290745C42554
SHA-512:36EEC939F0CF41D598B2E7BCB4E47A9700F541EAA9432440E4C9B6E5BA8AD400CACAC89296ED61B925A4DE4D69025DAC80F583C037E528D473F94783F123690A
Malicious:false
Preview:Z(F.-.2..q..fB....!X..kl8...i.!./..,.....0F...2O...r.0. H..A.....)f(1.A.53N.....|...'....X1.........t.f.tzf..."~2...z4.....&...8dn...u.S..L.H..".$.5+.........t0.^.m.24.A..6..!^..3..OB.0X...:(..q...@>".......l....G..@..3...(EB.r:w-.2rLS....=.c.n].>j..n.F...2..!...{..{...V MfN...i.......,(.H..T.6.`}....}._.o....M...JX]8.+<bkH..A.OA.PR....X...5Y.;....'.I..$...o...(v.!/*..~....t..r.Ai:.T..*j.....Dh@.....`...(+..I....j...}...HC.7......(.n.<.}.V....8E...@[rH#.....{.........1E.5Q...9]>P...?....mwb~+.k..4.....R*...<Hx........m..z}..V...+..T..`!..I..mpS..M........a..$.....If......V.....#.=...V.Sm7.6$..s..!......HE..v.W".?;;.....%ga:...tI. !..'#.R&...)k...9g...t-_u|....Y.:[.A....p)........<......._........T.yQS.Hd...cA..#ab[.ff...O...u.....jf5........Dx[v.~@..J.Q... &yj......w....5a....'0Y.$.|...f......N....S#C.*.~.............&........`....xi.e.I.g..).O*........`!.......8..i.!...zn.]...my.A....%.o..Zk#%.V.M.!...<...$..2j..S@.nyv.v....E...sB.)x

C:\Users\user\Desktop\DTBZGIOOSO\XZXHAVGRAG.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.714774132925133
Encrypted:false
SSDEEP:48:QPaBH6PMRDSKS5T8GhyEZjPMilS7LBArxilxB7WQzBG527CGDmvo:QPeSUKzhyEe8UNWQ0MCUmvo
MD5:2CC3B96310FAECCF1EFBC947B4537464
SHA1:52083D77EDCF333003CD4AE51B1038F08696D7F5
SHA-256:40439935A3E4E4F99DE09CCCD4B239F897CC2C5EE4458B9585B682A998BC0AC3
SHA-512:B07A13CB3E4D186D6DE44635324D1FED576C52CAF22E632C7E581EF0B6A1D68B5C9BD1D97F881295D9991FC1543A965D7481A877C6E1EF971A4D11B1582FE937
Malicious:false
Preview:Z(F.-.2..q..fB.no..~R..,..?I..?tRI..x..$|.ZV../.......O.P$.9.S..Q47..q-`NH8...H.|...A@Z23+\...I}.Q...k...lp.7R<I.;:P@. .}..C?..++.yX".WnXv...eFZSr..e:..5.....{..#.$.E...u.!..............E.....N...CHr_,_a....X%.!..D5....4...L...C..3.1V.Gf..Z+uS....2$.+...Y../.r...mw}q.D!..psv..p...c.G.e...2.a^..a..~..NE.'N=....{..lz.6O.j.$.5<_.....0Z......A.#1...~...a.v........!..vE........G....v....K.}..^A.d..B$S...t(7..M..>..#}0....&..].uG3._:......$.#W.Qr+...S#.?.CxM.~..>@F9Ui.......QVZ...;..=...Zx....7B.sP.x.D.~...Z....,.1...v(5)...k....e>..|.t.9.D8....Ft.DR......0..V1.GW./.R.oR........i.....1F...D...O..k........r...[..zHe.g.K.tf-{2..U...B.m;.2.b,.a..f.I.K...MI.2W4.....PC...N..t.E.=9...jy.....b9.}0.j.].6...@.e...."}o...}..2z...;...r...?..97..?.=0.0..!..A....G....@Nf....`x..kS......T#..6....GWuZL.Hja....#..;4{..v...B.......{..e..7..=. .8../..8..EjV>.u(e......1A;O..i.;W..Z.".......|....Q#j6.v..Cd...~..}...q7.....S....np.`...._M."G...m..so..i.s...c)M

C:\Users\user\Desktop\Excel.lnk.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):3507
Entropy (8bit):6.056888119245687
Encrypted:false
SSDEEP:48:oZuZLRyFVrP1A4RQdCMOXudSdMh0+jW7AjjvAKS7LBArxilxB7WQzBG527CGDmvo:COROVrPBk4uPh0+jpnUNWQ0MCUmvo
MD5:A5A1EC73DAACD321541FA9A163534A68
SHA1:7D2556B277254C27175E5F893F398828E5297581
SHA-256:276EF2B2A5C7EFC8DAB717AF8808D70713A6168248EDC082F0A6BE0746110703
SHA-512:79CFAC885299DA9B87E2AFE8ECCB82DCBD3ED3C9614F18F5A744C6161E6B6AA15B683F24E18FEEEF637576396CCBA8BF0E73A7527AD1147C8A14ADECB7B42B13
Malicious:false
Preview:Z(F.-.2..q..fB.V.'.<>`X..y$...0l..{......-].\F....`.oS...}o....:.>T,..P4}....-u.z..~).7..N....w)...S$.H.;A......u......eZ.T.....vfTo...>..h-;.r...v1J.[,Z...H......p#C......$.:..A.=..#.....v..'.......|)_.A...;....k.P!|.:PI.....RZ.*.#...x.@....D......~~%o.S.d!CX..U..EHl...................o...F.>..3.i..&R} 6.s.L....j.(....iZ.1Zb...B].)..N8...a_.].h...._..a&O..nQ....T..G..$...... .4w+.*.%vKH.lb..!.J.0V.Cw.....uA.&..'...~J.Askn.\.L...`...5<x..OJ..5.f.P..k...8u.......ZE..y*...1.jb..C*........o!\..Yn.W...9......}#.+..?..."..pRP.....Zo.<|..~K...4.v.....j|o.I...K...:...ws.J..Ml..mX.8d..Ol..G..H.RBp|:u...|\G..R;.0...n6.....2.71......H.L...6..7...9...k....8....g.C..&..."Rd?dzS_x....N...G.}ew.G/..2....E..!.!.4.`W...4...4.+v.3..H...U...T8=oSY...A|\D...B.............E..G..+.Df.Y.K....i....4WG.x..)...rB>.N...Y.......x......OR/..`..]..{.@......b4......^....x|........R0.......Zo`B&...hG#..Y..]..YX.,..Q3...qz...R.Ti~%.0y....\y......F.wk_..z..K)..

C:\Users\user\Desktop\FENIVHOIKN.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.750455056673694
Encrypted:false
SSDEEP:48:A9OMoi/SeNp7rseYYF3YiLS7LBArxilxB7WQzBG527CGDmvo:AIdROlsevF3TUNWQ0MCUmvo
MD5:26898D1E4F663C937EA538CB2341C2E4
SHA1:EC23456B560B136B78A2EBCB367A678B34239792
SHA-256:02D89F4E81AA592AB388613EDA562F83723CFCFBDDE9348FA07ADD83799C5C4B
SHA-512:A3F3121E02C75C50EB108D655D2E6E305CB8A4792E121EC5F09A8C698035B794E87118E9528CDC1333C376E8556EB998E4ACDE1D35AD84406CAF19643BF931C5
Malicious:false
Preview:Z(F.-.2..q..fB.m...h....!....*......1...b.[i.W.....%i. {x..'.C.|.J%..P.h..... KM.....c.$9....m.o.S..w\@^t .i...50.XA| K|V.h..;[YmH.|..[>.I.........A..4..s...2F...2?..$.+.n.='A..P.i......T.&......."ZD..^..."].Lv........)..........o..K.$..X.O....; .h\Mn....4.2.j..?..V......(.M.Q..~....bsapE..;...HUe..U.u.w.r.gG..7..P.}bK...H....Q...Kn...,`.+...1.]U'.L...P....gE.&...o...../$....5........%.s:..KT..B.........H.f.iWv..+...;9..l:M$.j....h...+....L..0R....).._.......%..b...P1zs,..D.]..P.G..e.3........Z..K........R3G.).}~.W..1.......Q.......|..7S.3oh....Z.\...Q..E...MN....{`.I..(..?.f...Y..kq..rW.OR....C....K.&..._...v. .O53.<.KhaA{X.:<}..0q.....u.0v.....X.Ru...q.m........q......|%F{..*1~..X+,..yr..pD...eD1.6WF.......E0.Xr!....{j...#6P....m.].PMA..+G~...D.O.x...E.5.........+..=@.u.....E3..1.]..|..v.d.0e6.)...>......+ Z.o.c..p..qR,,..u@qKYK?...4...V.d.f.g^.......:.......d.r73..-...=.?..}.Vh...\+.,?t.+/F.......k.C...f2;[.c.d.n....y.7.....f.M.

C:\Users\user\Desktop\HTAGVDFUIE.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.763460170904387
Encrypted:false
SSDEEP:48:auVw/cGb6pzYxdvXn8oS7LBArxilxB7WQzBG527CGDmvo:BK76pzY7X8oUNWQ0MCUmvo
MD5:CCB2DCBF2EF1A6F7B3143F2268AD79E2
SHA1:4E937238550B89AFDD05F8345F8F73A7CE07D6A2
SHA-256:92B583DABDE55FE99727EECDB871D47725FA100C0555BD936DC50FA22B39B910
SHA-512:6AC2B387BEFAEA20F785D9DD794CB3C2308AEABE9AE89B89DFD44CEB6C7D35224CC2329063E87BDB1CC29F5DD2F0190E2EA5D9ECAFA0608A7A79FAF486CA75A7
Malicious:false
Preview:Z(F.-.2..q..fB.A......aE3n.s..k.t..'{....%...,a....`p..e..n.....M..;=74.XVt..H..nD....J/!...... Qf".e.e..3?.......-i.3uT.FY=]k[..$.]:....Yz|K...P.D.*.H.?.Y.unY<..Nh..#.r+.?...2..YD...k.E..Y..&..{Sh.pU..+.i..4Kq..F...li...1.?=.k.4`...Q.U.)%..O...gc...e ...PZ!t.b2.N..V[.{...G..).z...X...h...B&.. .<.B.Zq..........~w.m.d.......?.:......o7.Q...7._...E;T..8....F.?...}.7..[s...&:...a|%........u.KG..tL,..&>.m,E.B.)3.<.m....b.5.....s..P...VE.~E...bJXZ...I,.o...AI.w7\...Q4.y...O*...d.=|..@_5Q..i.{..m..M>.....v.p..7}{.v.;..U{x...F......,.,.C4.,.@..Dm.G..>N...*.*U-._^z......:L..:r.....z../.<7....ECu.)Zb.c.8Vs.QX8.-}..\...`.oy..3....C...?.V..Oy..Oo...lE.A....|3...}..g......D..M..lf|.......j..L..1]U.C;..,_D.%.].+...(.".Y.(..>..^b.1..B.EX/.....K..B.P.G..)Vqs...R.....n.;c;...Y..e..d~..+.......&..=.#J-*z*...:.R....].U.)`6.$.F.H.......7H.3C.px..-....71*.......PG...1'^.E/f..S._F.A.z.x.J..t.D..g...4.........y....".Z.v...Bp.9r.&....F....f.u..=Bo.Y.x.2

C:\Users\user\Desktop\HTAGVDFUIE.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.763460170904387
Encrypted:false
SSDEEP:48:auVw/cGb6pzYxdvXn8oS7LBArxilxB7WQzBG527CGDmvo:BK76pzY7X8oUNWQ0MCUmvo
MD5:CCB2DCBF2EF1A6F7B3143F2268AD79E2
SHA1:4E937238550B89AFDD05F8345F8F73A7CE07D6A2
SHA-256:92B583DABDE55FE99727EECDB871D47725FA100C0555BD936DC50FA22B39B910
SHA-512:6AC2B387BEFAEA20F785D9DD794CB3C2308AEABE9AE89B89DFD44CEB6C7D35224CC2329063E87BDB1CC29F5DD2F0190E2EA5D9ECAFA0608A7A79FAF486CA75A7
Malicious:false
Preview:Z(F.-.2..q..fB.A......aE3n.s..k.t..'{....%...,a....`p..e..n.....M..;=74.XVt..H..nD....J/!...... Qf".e.e..3?.......-i.3uT.FY=]k[..$.]:....Yz|K...P.D.*.H.?.Y.unY<..Nh..#.r+.?...2..YD...k.E..Y..&..{Sh.pU..+.i..4Kq..F...li...1.?=.k.4`...Q.U.)%..O...gc...e ...PZ!t.b2.N..V[.{...G..).z...X...h...B&.. .<.B.Zq..........~w.m.d.......?.:......o7.Q...7._...E;T..8....F.?...}.7..[s...&:...a|%........u.KG..tL,..&>.m,E.B.)3.<.m....b.5.....s..P...VE.~E...bJXZ...I,.o...AI.w7\...Q4.y...O*...d.=|..@_5Q..i.{..m..M>.....v.p..7}{.v.;..U{x...F......,.,.C4.,.@..Dm.G..>N...*.*U-._^z......:L..:r.....z../.<7....ECu.)Zb.c.8Vs.QX8.-}..\...`.oy..3....C...?.V..Oy..Oo...lE.A....|3...}..g......D..M..lf|.......j..L..1]U.C;..,_D.%.].+...(.".Y.(..>..^b.1..B.EX/.....K..B.P.G..)Vqs...R.....n.;c;...Y..e..d~..+.......&..=.#J-*z*...:.R....].U.)`6.$.F.H.......7H.3C.px..-....71*.......PG...1'^.E/f..S._F.A.z.x.J..t.D..g...4.........y....".Z.v...Bp.9r.&....F....f.u..=Bo.Y.x.2

C:\Users\user\Desktop\KATAXZVCPS.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.776856912302276
Encrypted:false
SSDEEP:48:QIzkOh6fgG/N+GjbAyQwoCgiO7dQKtmFDar:aLLFjbAyQ/PldQKtl
MD5:2033FEF13C1449F41504F9B3DC48A8C3
SHA1:8C924E2D66376673A79B3B55BBD9346B22F525EF
SHA-256:4F9EA66650DA80B6A6D99B0E78592EA0ED138AB1115BB3D7D430FF49A9086334
SHA-512:1FABACE4BC4D528F978AF3373C41E22D4EA641CC94CB16A8F1DCDAA93440CF186B1FBE7DE5418940650E25DC0EA14107F355BE52B483CF069A211EC81B6C3059
Malicious:false
Preview:]N...gR......d<.l..mi...|....[d.K.K.L.C..\.........uU..A.....8-n).dl.:.x=.-.....O.>...M..f.k.[....}.hF$~.)<.U..~......E....[m......4.....|:....@....J.1...*.|...4.(".)htc.!t.T.y@..P..^pp.%.+...V...xoL.Z.#..`.U....UP._..D.........u..bJjw.E.#1L.T..:h..l.....N..U...)....M.......&...`...G&`=.c.e..2q.S..u...<.....D.t......[....!Q.E..l...v..P.."..O(...m....K..S....<...:.)....y.J...i#_...V.{........\.;:5.._..y',^..j....,...$..eJ...9.R.......v......w.......*.ux...O.i...i.h|.#.|.......VVO...6wK....U..t..8.pYu.i..c..ud..9`..@'."...L>..........v.}.P..."..D%..h.3.#$;G...\.4.D1b.X..,j.v..!.K.Sx.\...O9W..wR...?...X+.0./...|C.Uc..P:...7........%..u-/....5d...('".....T.v......k...S....g.).Bflo...\.....k..R=.&L....Dm..=-..Z.m..!Y./^.....x8Q'PP.....0...,..4...i.B.a..Na.~.q<...._.....`.pa....:..."Oj.N#8U.1...`K....._Ru+.o..k.irc .A....o....]..X.T.P...#....C..;...#.L.1... ..h3.YB..:.0..h.;.B.....;.SW...th.`F..9..!H..eH7vBY&.pZ7Q...E$

C:\Users\user\Desktop\KZWFNRXYKI.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.776545805498888
Encrypted:false
SSDEEP:48:rtLdLgprLv6BipqMkgeuKykGjbAyQwoCgiO7dQKtmFDar:rzgp3vCiQieuKMjbAyQ/PldQKtl
MD5:21721B84CAFFF1B9FD1572E1555FDD24
SHA1:F8747B7574F0729F30C8B7E09F648D0F25F9D8EA
SHA-256:05FB5500062415D5C0BC0A301041DA8E8A868720F1F4514F0DC885171BAF9DF2
SHA-512:6E3312C55CED5C9D11221E59091D60A99389B3280AE32664FCEE28FBE0EAA5E6ED068787DAEF9A83855571BF644DECE3947A88DDFE0E0CF83650BC47E6AE34A8
Malicious:false
Preview:]N...gR......d.V.H...4..$.V<19.O....g3.R.Rxg.{y..%*. e..G.W.N....t.<...h..(>...<.Po..._.H$T.M..9./,/z.].....]*,h....dw....A.[...(b........k1.f....T.>=qN.`.toP=.1p.h.c.Q|v.....@q../...3.....:.V.U.c....[..~.}..}..y..*..i........zO......u..%..?ME..0..h.....%#v.op.=......W.(~.kI_.I/:..).E.V..J.W.:+......P...EXv...4Mr..........>.o.\L.......w~~F.x.b...\V....F!....J.....As=.....pZ.[.......]J...[J..T...v1..a{`"C.i-.R.........K.....R*.F.._.d.A2.gHdkY.....#)...$Y......._.H^qP`o..Xt..h.....2}lA*wv......>.-..%c....K.:%..l.S9:i..d...t..P..k.....$o".....7j.. ....wH...e#..%.(.....$....R.$......\&..O.\...>..b..?bq&G....(G......o..|..5Q*...0Q...1.T`Me...Z......rS......,.....L.|.|...D....>;..Y...W..='L.........,.?.wM.4...A}|A.)VQl.;b......T.}..!d.A.......3....j..C.M.Rh2d".O.x.-U.z|.dt:......v..U6bsj..e..N.(.-.>e.u...HC..........N....C...R/k3l......b....G^u.@...KH..U...6&.=8f.pL...H..|...j},...A%89.S..N|/..7..}.........4.B....G...)W.ygx.D....-...

C:\Users\user\Desktop\KZWFNRXYKI.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.776545805498888
Encrypted:false
SSDEEP:48:rtLdLgprLv6BipqMkgeuKykGjbAyQwoCgiO7dQKtmFDar:rzgp3vCiQieuKMjbAyQ/PldQKtl
MD5:21721B84CAFFF1B9FD1572E1555FDD24
SHA1:F8747B7574F0729F30C8B7E09F648D0F25F9D8EA
SHA-256:05FB5500062415D5C0BC0A301041DA8E8A868720F1F4514F0DC885171BAF9DF2
SHA-512:6E3312C55CED5C9D11221E59091D60A99389B3280AE32664FCEE28FBE0EAA5E6ED068787DAEF9A83855571BF644DECE3947A88DDFE0E0CF83650BC47E6AE34A8
Malicious:false
Preview:]N...gR......d.V.H...4..$.V<19.O....g3.R.Rxg.{y..%*. e..G.W.N....t.<...h..(>...<.Po..._.H$T.M..9./,/z.].....]*,h....dw....A.[...(b........k1.f....T.>=qN.`.toP=.1p.h.c.Q|v.....@q../...3.....:.V.U.c....[..~.}..}..y..*..i........zO......u..%..?ME..0..h.....%#v.op.=......W.(~.kI_.I/:..).E.V..J.W.:+......P...EXv...4Mr..........>.o.\L.......w~~F.x.b...\V....F!....J.....As=.....pZ.[.......]J...[J..T...v1..a{`"C.i-.R.........K.....R*.F.._.d.A2.gHdkY.....#)...$Y......._.H^qP`o..Xt..h.....2}lA*wv......>.-..%c....K.:%..l.S9:i..d...t..P..k.....$o".....7j.. ....wH...e#..%.(.....$....R.$......\&..O.\...>..b..?bq&G....(G......o..|..5Q*...0Q...1.T`Me...Z......rS......,.....L.|.|...D....>;..Y...W..='L.........,.?.wM.4...A}|A.)VQl.;b......T.}..!d.A.......3....j..C.M.Rh2d".O.x.-U.z|.dt:......v..U6bsj..e..N.(.-.>e.u...HC..........N....C...R/k3l......b....G^u.@...KH..U...6&.=8f.pL...H..|...j},...A%89.S..N|/..7..}.........4.B....G...)W.ygx.D....-...

C:\Users\user\Desktop\KZWFNRXYKI.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.776545805498888
Encrypted:false
SSDEEP:48:rtLdLgprLv6BipqMkgeuKykGjbAyQwoCgiO7dQKtmFDar:rzgp3vCiQieuKMjbAyQ/PldQKtl
MD5:21721B84CAFFF1B9FD1572E1555FDD24
SHA1:F8747B7574F0729F30C8B7E09F648D0F25F9D8EA
SHA-256:05FB5500062415D5C0BC0A301041DA8E8A868720F1F4514F0DC885171BAF9DF2
SHA-512:6E3312C55CED5C9D11221E59091D60A99389B3280AE32664FCEE28FBE0EAA5E6ED068787DAEF9A83855571BF644DECE3947A88DDFE0E0CF83650BC47E6AE34A8
Malicious:false
Preview:]N...gR......d.V.H...4..$.V<19.O....g3.R.Rxg.{y..%*. e..G.W.N....t.<...h..(>...<.Po..._.H$T.M..9./,/z.].....]*,h....dw....A.[...(b........k1.f....T.>=qN.`.toP=.1p.h.c.Q|v.....@q../...3.....:.V.U.c....[..~.}..}..y..*..i........zO......u..%..?ME..0..h.....%#v.op.=......W.(~.kI_.I/:..).E.V..J.W.:+......P...EXv...4Mr..........>.o.\L.......w~~F.x.b...\V....F!....J.....As=.....pZ.[.......]J...[J..T...v1..a{`"C.i-.R.........K.....R*.F.._.d.A2.gHdkY.....#)...$Y......._.H^qP`o..Xt..h.....2}lA*wv......>.-..%c....K.:%..l.S9:i..d...t..P..k.....$o".....7j.. ....wH...e#..%.(.....$....R.$......\&..O.\...>..b..?bq&G....(G......o..|..5Q*...0Q...1.T`Me...Z......rS......,.....L.|.|...D....>;..Y...W..='L.........,.?.wM.4...A}|A.)VQl.;b......T.}..!d.A.......3....j..C.M.Rh2d".O.x.-U.z|.dt:......v..U6bsj..e..N.(.-.>e.u...HC..........N....C...R/k3l......b....G^u.@...KH..U...6&.=8f.pL...H..|...j},...A%89.S..N|/..7..}.........4.B....G...)W.ygx.D....-...

C:\Users\user\Desktop\LTKMYBSEYZ.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.763420031646843
Encrypted:false
SSDEEP:48:wxIR30jfqwOpAPvU+iacd/JkGjbAyQwoCgiO7dQKtmFDar:waJ0LqwOuHUPd/FjbAyQ/PldQKtl
MD5:58954942C308DA7CB1E790DEDD8F6C3B
SHA1:476EB32EBE2E7EFDA97C3C34DE42A86114275DDF
SHA-256:B9B731069C0AFDC9CEEF525286937F248BAC682137C1CDC02ECCF13B221A2C1D
SHA-512:9A9D1E2E16AB6196DF9CC85E1789EE46D38C54E5796EEBFFFD69A676919E52F9CEA9743FEB06020F5D0FC1C03C68D85E39A0FA7A1D3491297AB3D16363DB3388
Malicious:false
Preview:]N...gR......dd~+.s.5.b).'..3/....L.N.4$."E..s..=....4.....*.i,UZ......)4n..dr.G*v.S.......0#.......FX`.G.O.b....k...h..".8.+.7.E......z....j|....KX.......B...:....vD.o<I...K..S..<.p...P..F....p|.....g..$..../......6....M4C..L.L.=..K.8=^...D.(......^......+..:...Ci.......sf........$...Z..E...1)..=;j.ofR....\....;...:.*......iE.Z...k..E..:.........."UD.#{0-.F.^+.1...t.]...x.....]H.3...F...nr.*.Y...aE>]NP.P...p..]E..0|@.1.....$T.3T...$.-Rz...1...M..........G..........;X(..P...g.#......#t.O..%..Z.R..6e..o..@..*J...<L..W..c.C...I....<..P:.*.={.....4....}Eq.Q/.uI.5].}...{R%q..7..}.([.%X........I.....I....`.......':kt.%.F..5y5.wn.~....oT...ZyK.a.....M..!b..H.X..[.<....Q.....c...#.c.L.....C.. .B...G.;.....\.NBf.b....{..i.d*.3..3.To/.f..$...GK.J&.[....V/c..../.l..\d........n...eZ.<..L.......YA.....a<......5....fEh..xV|..l..,.T.-..\Z{...sp./5 \5.P......;e:c=Y.u;q}`......7.W.k..8/.*u.9\.........ks.o.[l$.|.'`...6[....6.....{.......,.yA....\.o/.U..

C:\Users\user\Desktop\LTKMYBSEYZ.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.763420031646843
Encrypted:false
SSDEEP:48:wxIR30jfqwOpAPvU+iacd/JkGjbAyQwoCgiO7dQKtmFDar:waJ0LqwOuHUPd/FjbAyQ/PldQKtl
MD5:58954942C308DA7CB1E790DEDD8F6C3B
SHA1:476EB32EBE2E7EFDA97C3C34DE42A86114275DDF
SHA-256:B9B731069C0AFDC9CEEF525286937F248BAC682137C1CDC02ECCF13B221A2C1D
SHA-512:9A9D1E2E16AB6196DF9CC85E1789EE46D38C54E5796EEBFFFD69A676919E52F9CEA9743FEB06020F5D0FC1C03C68D85E39A0FA7A1D3491297AB3D16363DB3388
Malicious:false
Preview:]N...gR......dd~+.s.5.b).'..3/....L.N.4$."E..s..=....4.....*.i,UZ......)4n..dr.G*v.S.......0#.......FX`.G.O.b....k...h..".8.+.7.E......z....j|....KX.......B...:....vD.o<I...K..S..<.p...P..F....p|.....g..$..../......6....M4C..L.L.=..K.8=^...D.(......^......+..:...Ci.......sf........$...Z..E...1)..=;j.ofR....\....;...:.*......iE.Z...k..E..:.........."UD.#{0-.F.^+.1...t.]...x.....]H.3...F...nr.*.Y...aE>]NP.P...p..]E..0|@.1.....$T.3T...$.-Rz...1...M..........G..........;X(..P...g.#......#t.O..%..Z.R..6e..o..@..*J...<L..W..c.C...I....<..P:.*.={.....4....}Eq.Q/.uI.5].}...{R%q..7..}.([.%X........I.....I....`.......':kt.%.F..5y5.wn.~....oT...ZyK.a.....M..!b..H.X..[.<....Q.....c...#.c.L.....C.. .B...G.;.....\.NBf.b....{..i.d*.3..3.To/.f..$...GK.J&.[....V/c..../.l..\d........n...eZ.<..L.......YA.....a<......5....fEh..xV|..l..,.T.-..\Z{...sp./5 \5.P......;e:c=Y.u;q}`......7.W.k..8/.*u.9\.........ks.o.[l$.|.'`...6[....6.....{.......,.yA....\.o/.U..

C:\Users\user\Desktop\NIKHQAIQAU.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.763640476078853
Encrypted:false
SSDEEP:48:jtxRzd+FMvAwwsMHkZKGjbAyQwoCgiO7dQKtmFDar:JxRUSY+MUjbAyQ/PldQKtl
MD5:812B534E2A031831C01E4A694EB295CF
SHA1:A89451C5C9B3125A9E88629F9D69FE068880B897
SHA-256:899AB9CB9D68B1F18407E7368A4B2C345829A13E5D21622BD7FAF7220A774E20
SHA-512:4612353BA40395C491170F237518ADB3684872E27303D6E497E80054DCCF0C5DDAAA9DC874B2BF589709A5C8314EE408E9D0FC747F927512019EB2822F4615D6
Malicious:false
Preview:]N...gR......d2./......i}...i.vr@}..b.1J.v.;.h.J.....h...f.....,....]..&.:...xzW.t0...Cb.G.*lH.. r<.b7....h.Nz..A._!..v..Sl.:...V..D.O.>.C...OFu.dL..P........3.g.X...R.:..+4......;.\s...9...s....".Je........p|.I$(..c3.....G\@.#....._.t.ji.y'e5.W.0...B.9....*.\?.Y@'.s2...Uz....A%ks....J.W$.S`.x.b.g.,..%pZj3.{0_3<....I.F.cc....O..%..Sc...l....-{...L.../...-...`...ad.....].z.r.....+...l..^.....E.@C.....w.........:Tx.P-.:E.5....yt.Uh@..8x..blU.V.w0.U.vC...R.s..m.L..$Q...~.r....Ws.xe.T..84..(...-..-....`.i..?z[...`.C.K....AY....&.....*.O.....t.Q.......=....,.,R..`..l..>>.cx.+...s.i.<.1Q.R..[..Z....V..y......W..C.......j_......2.......zP.t4.=.. ..{..|.9.!.Wph..rh.......r>.P...R.:.g.....h..+.?...T.....$.a...L.k.{4'...Y.]@..3....28[...lB....P....N.Tb-.7uRe..s....7&.1YI__f.]@c ..........H..K%..j..B..n.w..-.Gy.O=._T... .2...+Ea.........4..h.0o..n....h..O...z...5a.f.....~..<.2zin<(.!..#.]NW,+.Xb.yV....(.c.K..8...E..g.A~V./.S@.@..........`.#.....

C:\Users\user\Desktop\NWTVCDUMOB.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.768394074569223
Encrypted:false
SSDEEP:48:yV7FojC30y4KXr/5O5bGjbAyQwoCgiO7dQKtmFDar:ydFoW/PXr/5OwjbAyQ/PldQKtl
MD5:FB35352336D12C3F4503DC66D0EE4A30
SHA1:57CFDDE74F07341A0708EC07F4D94B95F2B19791
SHA-256:5DAE4766D6D64C7B850460D792984694C54CC6CEB0F28E01F5E481C9F53AB620
SHA-512:FC7D5280612851439677D88D7139A6CFDF76ACBAD67ABBD486451D7ED86E2E8145726DD230DEAB77DAD308417703B3115027C603FD115C4B253C6AF10A3E3870
Malicious:false
Preview:]N...gR......d).....,.xM4a.c...5...;u+..c...db.D.=#.9.....V....[....Z.p..0g........KH.....6V\.....j.T..i..}.G.M..&.......,.O.....Q3.%..........-uqKtR.CEAS0{......M.P..I.....9.;..M.7_...~D6K;._.=..v...Q"s.~n......(."....-7...g.V.H+2~........vP.*..|`WZ.}..0.......9./..1w....E-.F......a.`.._<3L..%....2.}......z.AJ...l.......,.)...\k....q(.|T\..$=..6......(.~.Z/.;8..N...C..4%.x.A...M.Q...-...H....8m...@...4.6.Z. ......!...:.vG.N9.T..B.1.*....NQ..n})...d......V....i..p..R.....*N..."..T..2......c.Qy%....|...m.;.(<..r..`T..J.Kg\.L!....R..z.[..c...}.z.D....u..H?VJ.U...W.a1...g[..f.c...9.Lh...).O...Me....qPG...-..[<.7..9.......4.9r...c..G>ZG@o..Y......_O.kSX.C...4.nF.C..U....d........sw...2.f...Y...p.....*..,.y.-.R.JtIE....E.@."..).::..<;....p.........&.g.AR{...0`4.Q.......>....j..Q.j&.y. s.R.....GY..*.I.........K.4.SO..C.s.6..q. ....q..cQQ...S@.0.+..qk..3........#.>.....r........1...12..^,<N...E.5...7W.+:....*.M..]..>..%7.I#..b..M....$.G..

C:\Users\user\Desktop\ONBQCLYSPU.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.747521488615951
Encrypted:false
SSDEEP:48:C9bJmgpQsrNXa4d+2yihXQGjbAyQwoCgiO7dQKtmFDar:sbogpQ8a4d+2tdjbAyQ/PldQKtl
MD5:DA91D3F6B9BA75760F5B3718F231E543
SHA1:6F122D53F4D7C1158E9F292B5C7685214A686354
SHA-256:07D7872BDB54E49A9FB07FDCFAEFCAC1D9C6B4FFBAA5403DE7D80AC63B7DC424
SHA-512:43EC3EF0E7C06515CCEE0A1D5783043190326DB4AE1DDA7D3CC12D3C6B97DB4E99DA34B1BA48C6A8023CC571A3052471FA727E8F5C73116B31C00048F91111C4
Malicious:false
Preview:]N...gR......d2.5.W.H...I&....e.b....-...x.6.S...[....+..Fl..S.......)..,....J[....'..^...a%:E.U^...Ho......f...........P?G.p.......yi)0....'..{.........znw0....H.a....}...P.|...9.6......Tt.v4?.L....^.n@h.x.N...... ...qA.FD.....D.-.......].hV~.....hP...b.{..Ta.Vf.. Y....N...#......A.*......Z..P......6.\..9._.......^....0...H....v.Fx..5....9.(.5.o.A.,.1j.RX.u..,..%.o......!.f....0.z..nA.)........7...m.>..q>.o...p..9L.......+...D+..'U<..E.=..0.B.!.c.....OoA..U.=&..2.^._..G+w.....&v..>.F`Z....`-....TY..T....=.J2.J;.....+$...h..4.....p..n....8=....#...k..g.\Q..* m.Q.A<......D.x..t.dV$p..9(.....f....f......L.D..N...H..NAs.........c.&<T.E...DoQ.0t....7Ip~.7..G..ka.b.9Y.l>*M.[...c..~.'5-V..T..p).....|...t[..i.`..O/..g.s.+p.K.^.T1a}..^..v..d..4.r;...\Ns:.Sd.....5.._.[^.M....{....o..fI6$SJ...~.."....B...e6.r....at.Q..kQ*..m..Y.T.X......~lG.....$.=....0.....].q..<Mn...@.u..k~FG...E..5....j.k...r..8y+..x.."...b.V6e..4.z...k-K......e..

C:\Users\user\Desktop\ONBQCLYSPU.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.747521488615951
Encrypted:false
SSDEEP:48:C9bJmgpQsrNXa4d+2yihXQGjbAyQwoCgiO7dQKtmFDar:sbogpQ8a4d+2tdjbAyQ/PldQKtl
MD5:DA91D3F6B9BA75760F5B3718F231E543
SHA1:6F122D53F4D7C1158E9F292B5C7685214A686354
SHA-256:07D7872BDB54E49A9FB07FDCFAEFCAC1D9C6B4FFBAA5403DE7D80AC63B7DC424
SHA-512:43EC3EF0E7C06515CCEE0A1D5783043190326DB4AE1DDA7D3CC12D3C6B97DB4E99DA34B1BA48C6A8023CC571A3052471FA727E8F5C73116B31C00048F91111C4
Malicious:false
Preview:]N...gR......d2.5.W.H...I&....e.b....-...x.6.S...[....+..Fl..S.......)..,....J[....'..^...a%:E.U^...Ho......f...........P?G.p.......yi)0....'..{.........znw0....H.a....}...P.|...9.6......Tt.v4?.L....^.n@h.x.N...... ...qA.FD.....D.-.......].hV~.....hP...b.{..Ta.Vf.. Y....N...#......A.*......Z..P......6.\..9._.......^....0...H....v.Fx..5....9.(.5.o.A.,.1j.RX.u..,..%.o......!.f....0.z..nA.)........7...m.>..q>.o...p..9L.......+...D+..'U<..E.=..0.B.!.c.....OoA..U.=&..2.^._..G+w.....&v..>.F`Z....`-....TY..T....=.J2.J;.....+$...h..4.....p..n....8=....#...k..g.\Q..* m.Q.A<......D.x..t.dV$p..9(.....f....f......L.D..N...H..NAs.........c.&<T.E...DoQ.0t....7Ip~.7..G..ka.b.9Y.l>*M.[...c..~.'5-V..T..p).....|...t[..i.`..O/..g.s.+p.K.^.T1a}..^..v..d..4.r;...\Ns:.Sd.....5.._.[^.M....{....o..fI6$SJ...~.."....B...e6.r....at.Q..kQ*..m..Y.T.X......~lG.....$.=....0.....].q..<Mn...@.u..k~FG...E..5....j.k...r..8y+..x.."...b.V6e..4.z...k-K......e..

C:\Users\user\Desktop\ONBQCLYSPU\HTAGVDFUIE.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.766298093454615
Encrypted:false
SSDEEP:48:6utbabD1C6vg5vOzUzlGjbAyQwoCgiO7dQKtmFDar:6uGo6cGJjbAyQ/PldQKtl
MD5:395694225F1E486B8F9F88518AF3E1C0
SHA1:24E9C87B1071AAACFB56FF7D820AF9C9D4C593FC
SHA-256:4D709FD42B8DA0F9A56138F4385B229DAE78E50E090ECCE22838EE2BC8D7D421
SHA-512:0FF0D0889A80EE6B349E972F4A547A26DAE30AE4010EB5488DC7610699B73DD7BDA032322D6575232D3990E8949EF7CD0F8886E74F198A545A004FADFE80D420
Malicious:false
Preview:]N...gR......d.\.-.>^.....e.p`..V0N..n\.G........!\.6g.lc.....qniK..*G.j.S.....9.#A..\..s..(|.=1...Z.r.7.G........7._x.%U...R=.........f'B..0].),...,13..z.f.7.n$.T..1..e.6.[A.xb..|...3.]Nd...........#*.i.j.g..m../..u.$2.|w.@e.,..T....11.......a.._..TG.%..l.C....f.........7.~B.m._...m..Ud}.&.7bIa....<8...K."h....3]m0..g.eV.N}>.;M.......@...wE69.."...}....NA..x....Jr.....}..........mh.%......J7#.P.s..A.0S....|.`0...*........^s~.....U#Va..as.rD.3i.^.-/.V...zx..q.Br.$.i.,Q..-.k..a...C.a......;....U D.<...x#..y...@..h...~.....~...;n....".J...Q)0....HK..S....|.{X=pd.........HKD*.A.-X..D~.....*...G|..OL.\....O.L.v.$.,..<......#...?....1...;'.q*,..Q.l...e>.j~:....9.ZO......93[...`....{BW.z.;.2 .V....Z.......v.*...x......&E..Jc...ZvJ.p.@.Y.k...).p4......C...Pwt8.3..Y.Q;.IF.D...7...bC........7..<"].{}.U....g#z..P. ..T....K!.........k.MI^qQ.iyH..|<.)lo..u.K.~c...Z...G..@h...hY(......./..4.o.".Vm.R........v.'....M[.2.v.....P$.....{4wF.....%[....

C:\Users\user\Desktop\ONBQCLYSPU\KZWFNRXYKI.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.776545805498888
Encrypted:false
SSDEEP:48:rtLdLgprLv6BipqMkgeuKykGjbAyQwoCgiO7dQKtmFDar:rzgp3vCiQieuKMjbAyQ/PldQKtl
MD5:21721B84CAFFF1B9FD1572E1555FDD24
SHA1:F8747B7574F0729F30C8B7E09F648D0F25F9D8EA
SHA-256:05FB5500062415D5C0BC0A301041DA8E8A868720F1F4514F0DC885171BAF9DF2
SHA-512:6E3312C55CED5C9D11221E59091D60A99389B3280AE32664FCEE28FBE0EAA5E6ED068787DAEF9A83855571BF644DECE3947A88DDFE0E0CF83650BC47E6AE34A8
Malicious:false
Preview:]N...gR......d.V.H...4..$.V<19.O....g3.R.Rxg.{y..%*. e..G.W.N....t.<...h..(>...<.Po..._.H$T.M..9./,/z.].....]*,h....dw....A.[...(b........k1.f....T.>=qN.`.toP=.1p.h.c.Q|v.....@q../...3.....:.V.U.c....[..~.}..}..y..*..i........zO......u..%..?ME..0..h.....%#v.op.=......W.(~.kI_.I/:..).E.V..J.W.:+......P...EXv...4Mr..........>.o.\L.......w~~F.x.b...\V....F!....J.....As=.....pZ.[.......]J...[J..T...v1..a{`"C.i-.R.........K.....R*.F.._.d.A2.gHdkY.....#)...$Y......._.H^qP`o..Xt..h.....2}lA*wv......>.-..%c....K.:%..l.S9:i..d...t..P..k.....$o".....7j.. ....wH...e#..%.(.....$....R.$......\&..O.\...>..b..?bq&G....(G......o..|..5Q*...0Q...1.T`Me...Z......rS......,.....L.|.|...D....>;..Y...W..='L.........,.?.wM.4...A}|A.)VQl.;b......T.}..!d.A.......3....j..C.M.Rh2d".O.x.-U.z|.dt:......v..U6bsj..e..N.(.-.>e.u...HC..........N....C...R/k3l......b....G^u.@...KH..U...6&.=8f.pL...H..|...j},...A%89.S..N|/..7..}.........4.B....G...)W.ygx.D....-...

C:\Users\user\Desktop\ONBQCLYSPU\LTKMYBSEYZ.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.763420031646843
Encrypted:false
SSDEEP:48:wxIR30jfqwOpAPvU+iacd/JkGjbAyQwoCgiO7dQKtmFDar:waJ0LqwOuHUPd/FjbAyQ/PldQKtl
MD5:58954942C308DA7CB1E790DEDD8F6C3B
SHA1:476EB32EBE2E7EFDA97C3C34DE42A86114275DDF
SHA-256:B9B731069C0AFDC9CEEF525286937F248BAC682137C1CDC02ECCF13B221A2C1D
SHA-512:9A9D1E2E16AB6196DF9CC85E1789EE46D38C54E5796EEBFFFD69A676919E52F9CEA9743FEB06020F5D0FC1C03C68D85E39A0FA7A1D3491297AB3D16363DB3388
Malicious:false
Preview:]N...gR......dd~+.s.5.b).'..3/....L.N.4$."E..s..=....4.....*.i,UZ......)4n..dr.G*v.S.......0#.......FX`.G.O.b....k...h..".8.+.7.E......z....j|....KX.......B...:....vD.o<I...K..S..<.p...P..F....p|.....g..$..../......6....M4C..L.L.=..K.8=^...D.(......^......+..:...Ci.......sf........$...Z..E...1)..=;j.ofR....\....;...:.*......iE.Z...k..E..:.........."UD.#{0-.F.^+.1...t.]...x.....]H.3...F...nr.*.Y...aE>]NP.P...p..]E..0|@.1.....$T.3T...$.-Rz...1...M..........G..........;X(..P...g.#......#t.O..%..Z.R..6e..o..@..*J...<L..W..c.C...I....<..P:.*.={.....4....}Eq.Q/.uI.5].}...{R%q..7..}.([.%X........I.....I....`.......':kt.%.F..5y5.wn.~....oT...ZyK.a.....M..!b..H.X..[.<....Q.....c...#.c.L.....C.. .B...G.;.....\.NBf.b....{..i.d*.3..3.To/.f..$...GK.J&.[....V/c..../.l..\d........n...eZ.<..L.......YA.....a<......5....fEh..xV|..l..,.T.-..\Z{...sp./5 \5.P......;e:c=Y.u;q}`......7.W.k..8/.*u.9\.........ks.o.[l$.|.'`...6[....6.....{.......,.yA....\.o/.U..

C:\Users\user\Desktop\ONBQCLYSPU\ONBQCLYSPU.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.747521488615951
Encrypted:false
SSDEEP:48:C9bJmgpQsrNXa4d+2yihXQGjbAyQwoCgiO7dQKtmFDar:sbogpQ8a4d+2tdjbAyQ/PldQKtl
MD5:DA91D3F6B9BA75760F5B3718F231E543
SHA1:6F122D53F4D7C1158E9F292B5C7685214A686354
SHA-256:07D7872BDB54E49A9FB07FDCFAEFCAC1D9C6B4FFBAA5403DE7D80AC63B7DC424
SHA-512:43EC3EF0E7C06515CCEE0A1D5783043190326DB4AE1DDA7D3CC12D3C6B97DB4E99DA34B1BA48C6A8023CC571A3052471FA727E8F5C73116B31C00048F91111C4
Malicious:false
Preview:]N...gR......d2.5.W.H...I&....e.b....-...x.6.S...[....+..Fl..S.......)..,....J[....'..^...a%:E.U^...Ho......f...........P?G.p.......yi)0....'..{.........znw0....H.a....}...P.|...9.6......Tt.v4?.L....^.n@h.x.N...... ...qA.FD.....D.-.......].hV~.....hP...b.{..Ta.Vf.. Y....N...#......A.*......Z..P......6.\..9._.......^....0...H....v.Fx..5....9.(.5.o.A.,.1j.RX.u..,..%.o......!.f....0.z..nA.)........7...m.>..q>.o...p..9L.......+...D+..'U<..E.=..0.B.!.c.....OoA..U.=&..2.^._..G+w.....&v..>.F`Z....`-....TY..T....=.J2.J;.....+$...h..4.....p..n....8=....#...k..g.\Q..* m.Q.A<......D.x..t.dV$p..9(.....f....f......L.D..N...H..NAs.........c.&<T.E...DoQ.0t....7Ip~.7..G..ka.b.9Y.l>*M.[...c..~.'5-V..T..p).....|...t[..i.`..O/..g.s.+p.K.^.T1a}..^..v..d..4.r;...\Ns:.Sd.....5.._.[^.M....{....o..fI6$SJ...~.."....B...e6.r....at.Q..kQ*..m..Y.T.X......~lG.....$.=....0.....].q..<Mn...@.u..k~FG...E..5....j.k...r..8y+..x.."...b.V6e..4.z...k-K......e..

C:\Users\user\Desktop\ONBQCLYSPU\UMMBDNEQBN.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.771550675330972
Encrypted:false
SSDEEP:48:G6vdEChaOtgYSEEsz5MUxqweUHvGjbAyQwoCgiO7dQKtmFDar:G6+CTtmEEs3IUejbAyQ/PldQKtl
MD5:BBED130408E9D058827BB165047C55AB
SHA1:BF1138B649790C57D6486D62B20002DC645EB6D1
SHA-256:907EEAEB9E3055B517874D8FC510A535BC8E3A54D10CBD810FFD01E0544E85DE
SHA-512:A2F53132B5C37C4AEC886E73CF69311D8B9CD0D3A40E22EC55D9FE92C9A7C085574DF4F534AC7680ADEF141083EACB317F8C3E4F3B4DD15C6F977B3DAED71615
Malicious:false
Preview:]N...gR......d...Td.o..n.|...~..v.....,d....."....$.....F....q.d.....A..u5.!-M3...$....\..<`........+U...$.C.M..v^......b.$...l..D{&.B.i...$.}.-...Y(Y.C....c.......~..m.....8Y.S.......).S|}!.D......+A$...(..As.......=}..O......5.kRK...oHW.&.m..Z.n..B.yP.(. .(=.`.j..I..f.s...dM).<o.i.?....t...j.>...=f+bZ.v.B;....-!e...........$..1...L^.'+.b.].?.....R[vAqT..E%D0...[.f.K....W.j..M.....m..'.....Q..U....&..\5...7.v6%..;..n.^@.fB._.\...!j...-.v.F.`K.....l..bE.y0v../.e.w"..,f/.j.n..KA~"+....E.i.f.....L.v...T...[.K......5..+6..".:.m...0o..i5&..v.-...(....7..]..0.=wn.Zj0..u......7.K.s.6CB..i$Ec...j).V.Y.....?.I..."...<.0pF.@.G..u.p.............Nq...9p.I{.7..y.}.Cu`........... s..J..=........'#H.D..A.....6&......i@..,-..n:..t.)A{......^..9+.....}.......,?....W...R..G).......,.......>..].^...G.,..h.q.....i.,.............Pr.K..y..\..zV.+}>.:....C..s.G;..+.1.}+..........b..M. .7....Y../N<....r.F..c............lG}.1.*.D..8.yKrN..i

C:\Users\user\Desktop\ONBQCLYSPU\WUTJSCBCFX.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.758835966664013
Encrypted:false
SSDEEP:48:HKNb3N6WNtzvqMEd8QFbkyT39GjbAyQwoCgiO7dQKtmFDar:65yyyojbAyQ/PldQKtl
MD5:00946F2B124725E49829725D8BFB6362
SHA1:BF1C21FCB1416149DB2D3486AC4820479020D135
SHA-256:DBA37A43025BE1B2B7FDF071FE47CC1A16DCCC912F730BFFFACC1B462835BB7C
SHA-512:F7496763EFA1EFA48E24C0134B2395D1B9B15311EB93CC02B1142924CA32AA9488C3DD56A63ECBA3A1D53E0C781D34F99DB3FDC1C7AF60FEFC160B61D4F82443
Malicious:false
Preview:]N...gR......d.....u5o3..D......c?.....5....8P.!k:wvh..8.......U..9..d....K1....|..LU.:......)#..p %.6.k.M....Ri.V.D.....8X+.`..?....U....x.:... ..m...kG......[.-.;...ok..^.dB.d.FQ/..,..$;.&z.....4...~`$..Q!......mk...|+.KBjS..!.><........7...{-3.E...%y.].-.....3:.XD..,y[....@;0...8i.u.......5!.b..O.^..I.N....^..}.iP.....X...._&..ObLm.![....<..IeR...y...Z.Qy..8MAm....]SV..h*GO.Kq.f........49r4..0.=.d.+k...v.-..]...y.E..)0....+.......N..#%...F[..O........B./...2#......f..6....S[>.'.F.5..j.v...I.W.uC.6..b./nk...Wj.wq...Pv.#!D9....7..}oz-bwp.u..).v.m6^IU..r[r.@..qS...h&...Wr..9x.>.\~?......O.fY.o...]...n./....+ak..pPs..8.\."r.....}.4.$.jD.....R.K...O..(~.`....../.....4.O..Py.'~.......D..t.......e.....8....'...X..[..O{.J.vZ......O.5.....WM..E......,JZ..e.rZ.y..K3n6 l.b{T.C..1....^|w.*........)ZT/7.e....#..P....>.L.|/.J..L..UDS.iOi\.p.....HS.w....^Ti.+qK.k..o.RJ..u..N.B.c..U..R.Z..}......cY]..I..SU...,J.^........v!..1.M^^..JcO_..d.......

C:\Users\user\Desktop\UMMBDNEQBN.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.749767886271926
Encrypted:false
SSDEEP:48:hZ1+SQGb45FYgxCkwKjEQWoLlXEs0l0g7mr:hZ1+S/s5nxC/KjEQWYVn0lDmr
MD5:60FB48361EC69CE22104CD5EB22F36DA
SHA1:252519B44BFBEF06316FEE47C96D17D797D854F6
SHA-256:5C8DBF059C2A48AE7400D3297C14249305A45EC406F1F4711B0DFB20EA75126D
SHA-512:54BB8DBE3D2B07FA2AFBADA070431988BED4A1358C327B4663A7F1A5A9486E6871B27E276A0452BCD1139EA8ACA5F3D07B9ACB397CCC33DCE1812CEC31C146B4
Malicious:false
Preview:`......H._....@..B...[I../..@N)c..9..hs@..)..Z.....|.......".,..^?...3...v..|...!..d.}Gr.....7\V^....]p...#......<UU7yl...,>.../.Et.q,.....O..Nr..B..b..).CHeM.....,i..../C.\1..B.C&^.....V..'}n....RYS..l.AF. 2r........:r.......$.f.......f...(4k..V..>H.5...hi....I!G.M.x.q^.......U..g.$C3.H$..J..-......./..{a.../..3.Q...<\.......sh.n.h..vZJb`...[..}z:?.y..g..yf...5..l#....p....L...8U.3X.......\...YHL.%.....aP....VZ..@..kuy76...f.6{.f...!..*OI.p..S..lX..V....av...T{.27>k7..;.....s.<=.X.t7>..|.z..a...`.1.C2..[...i.u...A.?..-..R...+.P.l..G..E.U...PL..=\]$.E..>.......%j...5U.~..e......T....4"k.W.Wf(..U8.w.I.....PRG...r.T......D......pF...u./....2.....0..R!7....B;.s..W..............a..@W..+....V.E........P ....,.W..;.<..Xw..q.n.8s-x....y..Tr.5+(c<.Q.d..hs.....<..../M....)dp_.2....@b..v.p..|0..L...k9.k8....G^.......&..:J.|...X..R"..G4.I.1&U..d"{.....{fT.*x...,(..Gj.9.65..r.....r...vpyHrP.....7B0.u......6.-y.#..C.kH....=!..1.........O*.ZY[.d.

C:\Users\user\Desktop\UMMBDNEQBN.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.749767886271926
Encrypted:false
SSDEEP:48:hZ1+SQGb45FYgxCkwKjEQWoLlXEs0l0g7mr:hZ1+S/s5nxC/KjEQWYVn0lDmr
MD5:60FB48361EC69CE22104CD5EB22F36DA
SHA1:252519B44BFBEF06316FEE47C96D17D797D854F6
SHA-256:5C8DBF059C2A48AE7400D3297C14249305A45EC406F1F4711B0DFB20EA75126D
SHA-512:54BB8DBE3D2B07FA2AFBADA070431988BED4A1358C327B4663A7F1A5A9486E6871B27E276A0452BCD1139EA8ACA5F3D07B9ACB397CCC33DCE1812CEC31C146B4
Malicious:false
Preview:`......H._....@..B...[I../..@N)c..9..hs@..)..Z.....|.......".,..^?...3...v..|...!..d.}Gr.....7\V^....]p...#......<UU7yl...,>.../.Et.q,.....O..Nr..B..b..).CHeM.....,i..../C.\1..B.C&^.....V..'}n....RYS..l.AF. 2r........:r.......$.f.......f...(4k..V..>H.5...hi....I!G.M.x.q^.......U..g.$C3.H$..J..-......./..{a.../..3.Q...<\.......sh.n.h..vZJb`...[..}z:?.y..g..yf...5..l#....p....L...8U.3X.......\...YHL.%.....aP....VZ..@..kuy76...f.6{.f...!..*OI.p..S..lX..V....av...T{.27>k7..;.....s.<=.X.t7>..|.z..a...`.1.C2..[...i.u...A.?..-..R...+.P.l..G..E.U...PL..=\]$.E..>.......%j...5U.~..e......T....4"k.W.Wf(..U8.w.I.....PRG...r.T......D......pF...u./....2.....0..R!7....B;.s..W..............a..@W..+....V.E........P ....,.W..;.<..Xw..q.n.8s-x....y..Tr.5+(c<.Q.d..hs.....<..../M....)dp_.2....@b..v.p..|0..L...k9.k8....G^.......&..:J.|...X..R"..G4.I.1&U..d"{.....{fT.*x...,(..Gj.9.65..r.....r...vpyHrP.....7B0.u......6.-y.#..C.kH....=!..1.........O*.ZY[.d.

C:\Users\user\Desktop\UMMBDNEQBN.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.749767886271926
Encrypted:false
SSDEEP:48:hZ1+SQGb45FYgxCkwKjEQWoLlXEs0l0g7mr:hZ1+S/s5nxC/KjEQWYVn0lDmr
MD5:60FB48361EC69CE22104CD5EB22F36DA
SHA1:252519B44BFBEF06316FEE47C96D17D797D854F6
SHA-256:5C8DBF059C2A48AE7400D3297C14249305A45EC406F1F4711B0DFB20EA75126D
SHA-512:54BB8DBE3D2B07FA2AFBADA070431988BED4A1358C327B4663A7F1A5A9486E6871B27E276A0452BCD1139EA8ACA5F3D07B9ACB397CCC33DCE1812CEC31C146B4
Malicious:false
Preview:`......H._....@..B...[I../..@N)c..9..hs@..)..Z.....|.......".,..^?...3...v..|...!..d.}Gr.....7\V^....]p...#......<UU7yl...,>.../.Et.q,.....O..Nr..B..b..).CHeM.....,i..../C.\1..B.C&^.....V..'}n....RYS..l.AF. 2r........:r.......$.f.......f...(4k..V..>H.5...hi....I!G.M.x.q^.......U..g.$C3.H$..J..-......./..{a.../..3.Q...<\.......sh.n.h..vZJb`...[..}z:?.y..g..yf...5..l#....p....L...8U.3X.......\...YHL.%.....aP....VZ..@..kuy76...f.6{.f...!..*OI.p..S..lX..V....av...T{.27>k7..;.....s.<=.X.t7>..|.z..a...`.1.C2..[...i.u...A.?..-..R...+.P.l..G..E.U...PL..=\]$.E..>.......%j...5U.~..e......T....4"k.W.Wf(..U8.w.I.....PRG...r.T......D......pF...u./....2.....0..R!7....B;.s..W..............a..@W..+....V.E........P ....,.W..;.<..Xw..q.n.8s-x....y..Tr.5+(c<.Q.d..hs.....<..../M....)dp_.2....@b..v.p..|0..L...k9.k8....G^.......&..:J.|...X..R"..G4.I.1&U..d"{.....{fT.*x...,(..Gj.9.65..r.....r...vpyHrP.....7B0.u......6.-y.#..C.kH....=!..1.........O*.ZY[.d.

C:\Users\user\Desktop\UMMBDNEQBN\BPMLNOBVSB.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.761430587253126
Encrypted:false
SSDEEP:48:TUaBWjxxzZZltH9oI2GjbAyQwoCgiO7dQKtmFDar:TUhl59oItjbAyQ/PldQKtl
MD5:EF8E53D3A7EB096F783B2BAB9D01ABE7
SHA1:28F55DBF02F006F011365FC990CC8BCB0B6677CD
SHA-256:BB02BF475EA0428B67443A6A431DE76D5D3854372EC780BFE75CA83F7248AFA1
SHA-512:360D6809AFD33AADF0FD42ECEF2D15A281C243AF85852EB908DD6483A74995311DB796B46E82803D93A41EDCFBF268DA64354FCAA3CF2C99DA7BA386509C1013
Malicious:false
Preview:]N...gR......d0.K..CC1..L.K..v...).U{..aM8..L...c&...kA.V.s..2...j.X.].\.....4I..Y..Y.v..{..3..:r..{*.a...y..r.....lF.|y.../.....).H...U&..w....U.d...m....$.L....e.&[..5.....&...<.)QR.......`e..>G....=. ../.I.R.(..".G.....z.fu...ek.I...u.....R.+.qj.\d.s.1.....*......]......R......<......)..}..>.!#M.].{,.!.....@....ly|;..a.j.q.{..E....+....6.+$...,..D.sd...5..0....c...a.Z6.;..?.......q.K....j.a.&.<..^..=...Sq...H.Rj..l.Q...H...............4+Ar(...8..lT.\kS.L.J..^k.o.O..;..Uv........6.B.5a0jk@..D..}....O.._Pt..F@y..[...k.o.$aP<.z.S7.|$....J.H.......O.~......4.q.Y...\........._.s.,....x...A.H.e[l...<..E.*...`..........|.Y.G.'0...........'v..X...5..E.y.`..9?s..X......s...1.s........P...s...8..5?..`$.tI.}[..'....3...x.$.....I..Hi*hqb...P...u.[.W-j.J..*.*...-.I<gQp.k.....3.......A....S..S...9.HXX...OT.@g..E5........}u..G.20?Q..2.q[..A^x..DY.9Z.%G../Wr.>.....:...BW.../....%....;...7i...3...a.g.LU...H.n...r*.f@.." ....@O. ._...{.y].[.x..Q...b.

C:\Users\user\Desktop\UMMBDNEQBN\KZWFNRXYKI.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.776545805498888
Encrypted:false
SSDEEP:48:rtLdLgprLv6BipqMkgeuKykGjbAyQwoCgiO7dQKtmFDar:rzgp3vCiQieuKMjbAyQ/PldQKtl
MD5:21721B84CAFFF1B9FD1572E1555FDD24
SHA1:F8747B7574F0729F30C8B7E09F648D0F25F9D8EA
SHA-256:05FB5500062415D5C0BC0A301041DA8E8A868720F1F4514F0DC885171BAF9DF2
SHA-512:6E3312C55CED5C9D11221E59091D60A99389B3280AE32664FCEE28FBE0EAA5E6ED068787DAEF9A83855571BF644DECE3947A88DDFE0E0CF83650BC47E6AE34A8
Malicious:false
Preview:]N...gR......d.V.H...4..$.V<19.O....g3.R.Rxg.{y..%*. e..G.W.N....t.<...h..(>...<.Po..._.H$T.M..9./,/z.].....]*,h....dw....A.[...(b........k1.f....T.>=qN.`.toP=.1p.h.c.Q|v.....@q../...3.....:.V.U.c....[..~.}..}..y..*..i........zO......u..%..?ME..0..h.....%#v.op.=......W.(~.kI_.I/:..).E.V..J.W.:+......P...EXv...4Mr..........>.o.\L.......w~~F.x.b...\V....F!....J.....As=.....pZ.[.......]J...[J..T...v1..a{`"C.i-.R.........K.....R*.F.._.d.A2.gHdkY.....#)...$Y......._.H^qP`o..Xt..h.....2}lA*wv......>.-..%c....K.:%..l.S9:i..d...t..P..k.....$o".....7j.. ....wH...e#..%.(.....$....R.$......\&..O.\...>..b..?bq&G....(G......o..|..5Q*...0Q...1.T`Me...Z......rS......,.....L.|.|...D....>;..Y...W..='L.........,.?.wM.4...A}|A.)VQl.;b......T.}..!d.A.......3....j..C.M.Rh2d".O.x.-U.z|.dt:......v..U6bsj..e..N.(.-.>e.u...HC..........N....C...R/k3l......b....G^u.@...KH..U...6&.=8f.pL...H..|...j},...A%89.S..N|/..7..}.........4.B....G...)W.ygx.D....-...

C:\Users\user\Desktop\UMMBDNEQBN\LTKMYBSEYZ.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.763420031646843
Encrypted:false
SSDEEP:48:wxIR30jfqwOpAPvU+iacd/JkGjbAyQwoCgiO7dQKtmFDar:waJ0LqwOuHUPd/FjbAyQ/PldQKtl
MD5:58954942C308DA7CB1E790DEDD8F6C3B
SHA1:476EB32EBE2E7EFDA97C3C34DE42A86114275DDF
SHA-256:B9B731069C0AFDC9CEEF525286937F248BAC682137C1CDC02ECCF13B221A2C1D
SHA-512:9A9D1E2E16AB6196DF9CC85E1789EE46D38C54E5796EEBFFFD69A676919E52F9CEA9743FEB06020F5D0FC1C03C68D85E39A0FA7A1D3491297AB3D16363DB3388
Malicious:false
Preview:]N...gR......dd~+.s.5.b).'..3/....L.N.4$."E..s..=....4.....*.i,UZ......)4n..dr.G*v.S.......0#.......FX`.G.O.b....k...h..".8.+.7.E......z....j|....KX.......B...:....vD.o<I...K..S..<.p...P..F....p|.....g..$..../......6....M4C..L.L.=..K.8=^...D.(......^......+..:...Ci.......sf........$...Z..E...1)..=;j.ofR....\....;...:.*......iE.Z...k..E..:.........."UD.#{0-.F.^+.1...t.]...x.....]H.3...F...nr.*.Y...aE>]NP.P...p..]E..0|@.1.....$T.3T...$.-Rz...1...M..........G..........;X(..P...g.#......#t.O..%..Z.R..6e..o..@..*J...<L..W..c.C...I....<..P:.*.={.....4....}Eq.Q/.uI.5].}...{R%q..7..}.([.%X........I.....I....`.......':kt.%.F..5y5.wn.~....oT...ZyK.a.....M..!b..H.X..[.<....Q.....c...#.c.L.....C.. .B...G.;.....\.NBf.b....{..i.d*.3..3.To/.f..$...GK.J&.[....V/c..../.l..\d........n...eZ.<..L.......YA.....a<......5....fEh..xV|..l..,.T.-..\Z{...sp./5 \5.P......;e:c=Y.u;q}`......7.W.k..8/.*u.9\.........ks.o.[l$.|.'`...6[....6.....{.......,.yA....\.o/.U..

C:\Users\user\Desktop\UMMBDNEQBN\UMMBDNEQBN.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.771550675330972
Encrypted:false
SSDEEP:48:G6vdEChaOtgYSEEsz5MUxqweUHvGjbAyQwoCgiO7dQKtmFDar:G6+CTtmEEs3IUejbAyQ/PldQKtl
MD5:BBED130408E9D058827BB165047C55AB
SHA1:BF1138B649790C57D6486D62B20002DC645EB6D1
SHA-256:907EEAEB9E3055B517874D8FC510A535BC8E3A54D10CBD810FFD01E0544E85DE
SHA-512:A2F53132B5C37C4AEC886E73CF69311D8B9CD0D3A40E22EC55D9FE92C9A7C085574DF4F534AC7680ADEF141083EACB317F8C3E4F3B4DD15C6F977B3DAED71615
Malicious:false
Preview:]N...gR......d...Td.o..n.|...~..v.....,d....."....$.....F....q.d.....A..u5.!-M3...$....\..<`........+U...$.C.M..v^......b.$...l..D{&.B.i...$.}.-...Y(Y.C....c.......~..m.....8Y.S.......).S|}!.D......+A$...(..As.......=}..O......5.kRK...oHW.&.m..Z.n..B.yP.(. .(=.`.j..I..f.s...dM).<o.i.?....t...j.>...=f+bZ.v.B;....-!e...........$..1...L^.'+.b.].?.....R[vAqT..E%D0...[.f.K....W.j..M.....m..'.....Q..U....&..\5...7.v6%..;..n.^@.fB._.\...!j...-.v.F.`K.....l..bE.y0v../.e.w"..,f/.j.n..KA~"+....E.i.f.....L.v...T...[.K......5..+6..".:.m...0o..i5&..v.-...(....7..]..0.=wn.Zj0..u......7.K.s.6CB..i$Ec...j).V.Y.....?.I..."...<.0pF.@.G..u.p.............Nq...9p.I{.7..y.}.Cu`........... s..J..=........'#H.D..A.....6&......i@..,-..n:..t.)A{......^..9+.....}.......,?....W...R..G).......,.......>..].^...G.,..h.q.....i.,.............Pr.K..y..\..zV.+}>.:....C..s.G;..+.1.}+..........b..M. .7....Y../N<....r.F..c............lG}.1.*.D..8.yKrN..i

C:\Users\user\Desktop\UMMBDNEQBN\UOOJJOZIRH.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.770560920512284
Encrypted:false
SSDEEP:48:ChKpMf5v8dsVMC2tGr9WLfqmM4uzLQWoLlXEs0l0g7mr:GKkGds0tdXVufQWYVn0lDmr
MD5:684743FCD752B2B57E8BD134E5410E91
SHA1:400BCAD231782F2519AFB1A0A60BDFE1075410CB
SHA-256:7C4B8EA99B72CB481B842DE0904A116A306A43E2C33DC20AEA5F2DBD0F2FB8B2
SHA-512:CA329582EB029A88C168409868D46E3F980ECAB61689A495EBE89C8FCE3BFAEDD77E2F0944AA3C5944810A024B589C456E8E69957FE14D11E09FF8F08460AE4F
Malicious:false
Preview:`......H._...o.."....2=7z ..a(e.W.p.ta.....<V..R.ti+O@ `..n.X~.<'....U./?.pU...2...X.L......7..N..gX....T..t.....M....~.......A8....?.rm..d.vL...C(.{J...1...R..g.[..3....!.w.L..f..'(,j........L,..t.^~.QZX1.B..w.q.0..|l....e..z.D.....j.......v..g..7..v....m...@..-.V..Y.......A^.$.....S,...\.....Y.*b..<.E.E.O...^T.U.....R.B>i.p.e.@.Qb....t.SY".o....0<..M.;..3..T;v...4.P'.....j.x.?. H.V......l.....9...$m...P..zp.M6..T....h. S....c%.....j...'.@..^.>..5).e..m.F....@S.v."...D.A...y.^]...{.}d...J........x.1w.V..q?.#..X"D!%$..k..3f.W:.2....4 ...@~.s27g,..R......;.]Ud>..^p".7...,...Q...2.T..d..lG"...~.m...?~R.p.=.>UQ...RB@....M..vi.....1Q.h.:SRP.K....>..........HH....^.F..lL.X,..k.<Z...t..~...{".....i..W:_...UG.D.......!....R.Q.?.'.....3..v........*..&...1..R....D=w..%../.w...0.]......aG.d=.H\./8..j..B....^..`.....x..u..\O..o.W..V6../................H.lM.x..Z.....SJ...u2......x9.=.8..e7.O7.<Gk.o..a..*+..%....+Z...J.w.v=S.d.!jXa.V...%.}xa..

C:\Users\user\Desktop\UMMBDNEQBN\WKXEWIOTXI.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.778545010401102
Encrypted:false
SSDEEP:48:Cx/kRKrgbXiSoz6Dc4UdF5I/QWoLlXEs0l0g7mr:K/kRFbyS5wtF5I/QWYVn0lDmr
MD5:4228D724D2151B174BCCAF2431D24E95
SHA1:01EB610441C8B69243EAB12DDA0A38658DC36131
SHA-256:D3AC854EE404794C92EAF086F75A837029B183F0790754950701677661182BA0
SHA-512:018F41D9EC717428F07F5920B428A915A4A5593FA868AB2E1CB42BABF87F6E3BEE2BEFC327328BA6AAF137ABF3AF6BD7DD4657AE2B95D1DE9659B20473892A0B
Malicious:false
Preview:`......H._...%'.T..I.>R...m...v]=4o%....'.8..e.0*/.'.....`....BD).....kB.C.:.....M...t.oNr5C{.,ud....=..L..V:+.Q..!.*t.lKfD.Ox..m..w`..A..h.oU../5`......._m.Rhp.7[..U.._..T..([..L%...<.>.k<.....^</..2......VE.zJ)...fb.m......L.........N...]Z.e6...(.bS...1m..3..~..|.j...#..bu..S..E.)a.f...'I..[3..!.'...5......PL1......0.IW5F.b...:`nu............2I......9.O.G.)-.....<1.....{..y..g....(....<k7q.eu.xs....$b...#g...a.50.*{...i##.T..?7W.. F,=..,..-D....P.U.x.#....Rx.k....O........"....H..@N..J.s...*/.l.".d..*...(....,.2..~.P5`w.#.@...%.~...%J.}..........[.6Mk.....N..L.L.q...,.Q.*:...<...Hv...&.U65l..v. h..C...r_D....Qy{....v.(.1..........z...$..].<..WZ_...>S....+...o...n.%.'3..P$.....Ns...l..zP-.gr.....tT..QG.....o;..Np.|.|....-.D;UO.....:...w2.!.~.N.#.GB....d..&.y.%.....N.....F_{+c.Mi..q.............=.A.......e...xY...)..........5..9{...t...Y.`.#X4...9...C2.mh..*c..(.........i.OW$.......ffn...0.{....U..).....3..*.r|.....A.!..K.1.\.f

C:\Users\user\Desktop\UOOJJOZIRH.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.770560920512284
Encrypted:false
SSDEEP:48:ChKpMf5v8dsVMC2tGr9WLfqmM4uzLQWoLlXEs0l0g7mr:GKkGds0tdXVufQWYVn0lDmr
MD5:684743FCD752B2B57E8BD134E5410E91
SHA1:400BCAD231782F2519AFB1A0A60BDFE1075410CB
SHA-256:7C4B8EA99B72CB481B842DE0904A116A306A43E2C33DC20AEA5F2DBD0F2FB8B2
SHA-512:CA329582EB029A88C168409868D46E3F980ECAB61689A495EBE89C8FCE3BFAEDD77E2F0944AA3C5944810A024B589C456E8E69957FE14D11E09FF8F08460AE4F
Malicious:false
Preview:`......H._...o.."....2=7z ..a(e.W.p.ta.....<V..R.ti+O@ `..n.X~.<'....U./?.pU...2...X.L......7..N..gX....T..t.....M....~.......A8....?.rm..d.vL...C(.{J...1...R..g.[..3....!.w.L..f..'(,j........L,..t.^~.QZX1.B..w.q.0..|l....e..z.D.....j.......v..g..7..v....m...@..-.V..Y.......A^.$.....S,...\.....Y.*b..<.E.E.O...^T.U.....R.B>i.p.e.@.Qb....t.SY".o....0<..M.;..3..T;v...4.P'.....j.x.?. H.V......l.....9...$m...P..zp.M6..T....h. S....c%.....j...'.@..^.>..5).e..m.F....@S.v."...D.A...y.^]...{.}d...J........x.1w.V..q?.#..X"D!%$..k..3f.W:.2....4 ...@~.s27g,..R......;.]Ud>..^p".7...,...Q...2.T..d..lG"...~.m...?~R.p.=.>UQ...RB@....M..vi.....1Q.h.:SRP.K....>..........HH....^.F..lL.X,..k.<Z...t..~...{".....i..W:_...UG.D.......!....R.Q.?.'.....3..v........*..&...1..R....D=w..%../.w...0.]......aG.d=.H\./8..j..B....^..`.....x..u..\O..o.W..V6../................H.lM.x..Z.....SJ...u2......x9.=.8..e7.O7.<Gk.o..a..*+..%....+Z...J.w.v=S.d.!jXa.V...%.}xa..

C:\Users\user\Desktop\VLZDGUKUTZ.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.766697857717036
Encrypted:false
SSDEEP:48:5T8asq7rw6wCKXtQex3FsuBPWZUJh6sxQWoLlXEs0l0g7mr:18Bq7rkCCtQensugOJfQWYVn0lDmr
MD5:47229364CB0F820A8CEF7D493B672FD8
SHA1:0FA1DAC615727CA652FA6885E92AD25E1FA29274
SHA-256:6CA65C42B88322FEBE14DB758937A28B7407A2E43C0103D95D1843C8EC5BF027
SHA-512:9EDDF134814448E32B58F86D8637FE6A08B229F683830564258A254B97F5E7352509EDB50E2E86C61D27F973813F25CFEFA37144AB2C3522935ED6784FBDA13C
Malicious:false
Preview:`......H._........b)|.....aKP..S.T.x....`..!.G-nY<8.#.}......Kg.`s.[g.#.......u.M.[b..f.D.....zZ.....oP..I.{.A..Mo.....J....6.^;@#..Z..D:.... ......^E..M4.M.p,....Lr..A...c.|.<..4.T.-..?.9.a7.4I.,..._...0......V5rUI`UPyHC>6....x".~kD..X.........s?..G.\.w..[.rR.n._..%...z.....Y.(....e";g.....m.b.n......mt..kX..u....B.aB3.$d..HN.U......_./.........JT....+...!IZ.I~$/....B..K:7^u)..A|5....,+,]#...E'<..,\2Q\..{...>....N.JU.I.X;.n[.."......x...Va..).3N...!..,....i.UP........k`.V~..G../..k..........-..f....a............b.z.[r':..T80@s....5.y9.D...:...UP'....%%......%...._Z..u..N.e......5.< .&?......w...=[.#Arc.}....J...2...V.{t.fxt.,%..H.0.W......X..t.......A.j...F+.UOvo.J...|...0..Q.x.s$._G..).....Ad:9.$..Bv(..x4X...l.$$|.M%/..n........G.in.......9vB.......l...........Z7:#......Z..U..K..*q9=.[...\.........3.r?..8 .P.-d..R..K..r...Z8[..y..y....{#E .c..<In.s...<..Kk.&.A..)B...W.V....V.[.4M..&..MJ....i)..fw5......g.wl.....3...Z.r.Vs

C:\Users\user\Desktop\VLZDGUKUTZ.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.766697857717036
Encrypted:false
SSDEEP:48:5T8asq7rw6wCKXtQex3FsuBPWZUJh6sxQWoLlXEs0l0g7mr:18Bq7rkCCtQensugOJfQWYVn0lDmr
MD5:47229364CB0F820A8CEF7D493B672FD8
SHA1:0FA1DAC615727CA652FA6885E92AD25E1FA29274
SHA-256:6CA65C42B88322FEBE14DB758937A28B7407A2E43C0103D95D1843C8EC5BF027
SHA-512:9EDDF134814448E32B58F86D8637FE6A08B229F683830564258A254B97F5E7352509EDB50E2E86C61D27F973813F25CFEFA37144AB2C3522935ED6784FBDA13C
Malicious:false
Preview:`......H._........b)|.....aKP..S.T.x....`..!.G-nY<8.#.}......Kg.`s.[g.#.......u.M.[b..f.D.....zZ.....oP..I.{.A..Mo.....J....6.^;@#..Z..D:.... ......^E..M4.M.p,....Lr..A...c.|.<..4.T.-..?.9.a7.4I.,..._...0......V5rUI`UPyHC>6....x".~kD..X.........s?..G.\.w..[.rR.n._..%...z.....Y.(....e";g.....m.b.n......mt..kX..u....B.aB3.$d..HN.U......_./.........JT....+...!IZ.I~$/....B..K:7^u)..A|5....,+,]#...E'<..,\2Q\..{...>....N.JU.I.X;.n[.."......x...Va..).3N...!..,....i.UP........k`.V~..G../..k..........-..f....a............b.z.[r':..T80@s....5.y9.D...:...UP'....%%......%...._Z..u..N.e......5.< .&?......w...=[.#Arc.}....J...2...V.{t.fxt.,%..H.0.W......X..t.......A.j...F+.UOvo.J...|...0..Q.x.s$._G..).....Ad:9.$..Bv(..x4X...l.$$|.M%/..n........G.in.......9vB.......l...........Z7:#......Z..U..K..*q9=.[...\.........3.r?..8 .P.-d..R..K..r...Z8[..y..y....{#E .c..<In.s...<..Kk.&.A..)B...W.V....V.[.4M..&..MJ....i)..fw5......g.wl.....3...Z.r.Vs

C:\Users\user\Desktop\VLZDGUKUTZ\FENIVHOIKN.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.729170559371815
Encrypted:false
SSDEEP:48:RFbp90sTRepoIZiHh0hZoIVtQWoLlXEs0l0g7mr:nfNfIqgDQWYVn0lDmr
MD5:A94083EDB1ADCFBB1066BF436A9AF24A
SHA1:39E5397F4392ADE571328EFDD2E60E213CA8BE3F
SHA-256:ED1D1E8121FA0DA607BB8F409EB1A8ED9E88F3E3A9770A3593941C71D548A690
SHA-512:6D7E771EFD1006A83E72F3C41444E671924256D07AAA80428B805AAE0F41286241BEAC41357D28FAED9A4595B97F3F0ACEC5E9D304B1A2CEBD215386C85B07EE
Malicious:false
Preview:`......H._...._.y0.|.8.$KN...q.).......g"p..+9._..E.NH...)?...4Q...3<..y:.YP'..>..q.1...q.>.T...vF..y.#..Q/..y...j.R.........*yr.F...JBE:..8...:>o....h.=.3...(.gz...:`X..<JA.bJ......C...Y.`......$u...6t.w.3....O._W.T.'E......].>...i.>.Y.^a..A....(-.;y...d.P.B.%.HH.X .G]NE............-y..t6B.P...~...X....qPl.#....W].E...Y...k.G*..........J33?.0...R..yB7._..l.{T.]r...;..M...M?.....T.: ..$V.0...&.}.N..[.b...|.?.|.x.`e...Z=...=eSc.....+p..P..b(..R.m..Y.R5.f..9/.oM.p[.._..y...."n..l>....9........m.....`^v%.*..@-'.:..H~.F.I.Yr..7.2........#..l..7...X.[./..}.....o..y. .Y$..I..Ys..20.Z8E8~.R.0....9.;.\5.G0.~.!.....%2....+|.M...z ..F.Dd-..txS..?..<k...<.@`....$../...6.'.}x...R..Ll.P#..P..T...c...M(F.(.......G..<.dIM....[..4.6Afll.7..~$.P.NH.Ej6.........F...z.b5`.....ua.......z..R.M.j..e.y..._........ .1.{..8MPa.....7.s.L.7...X;KO..v..)t@_.M..E..m}.....%4...d.y.....s.Y./..V >P.X.G..DT...i[}..I.0...X..9..:.5c*W........>5!.."..JW..6...$6...([.z

C:\Users\user\Desktop\VLZDGUKUTZ\HTAGVDFUIE.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.751618931259323
Encrypted:false
SSDEEP:24:vK+sfYLM9al5hPKXiVtpXMCIh5PHGhivWSk/P2onQ1goLEbOSV3miADCTznSOOC+:vlIUaal5rfWEiOB9QWoLlXEs0l0g7mr
MD5:5CD096DDDA2E63EB1AB3ACB29BE02279
SHA1:DE83087B9697A16BAC9C49975DD046985F483124
SHA-256:2617F4939FACC89542ED99BC1D94ECEE22F1FDB4DFB23B0951D19454925B69A9
SHA-512:66926CE1D8F379FBE594839345FBA632D37822C3A4ABB5528AC26D4F6FB18F0B800A42479CBE5D671B960DD469CB4334875BC656267B52F06E51FD289A68A1FE
Malicious:false
Preview:`......H._...v6q.A....vX.^:../...g......U....].....4.......@.!.'l.Z......j....2....~...>&.)b.Mu....Bf..3.f....F.F."...N<....M9?..J~........oW..V.b....Xj-`..*......%Z.....HkL7.x:...@f.U...|....Lq;6......;....c.)R.....DR.......;...L+-u...p.~..n..."...%...L.D........+...v#Y.Y...q.....N..s...@...-.%...8.V...7n.....&..g'nw.{.S.1.k...P..]X..l..........W.B%..O.....C...u.+....%.H.....R.8......s.k.).GPh...fx....L!.q;..M$....2..@.:.{i.8p.b/W|k6MpP..R. .%R.;...5B.Q%.7....G.....Q.....j...y...q7]..2f....,...t._..........p........?.Q8D.S...O..8p5 L.8N.A..?9.....j........R.[...L!...v.R.H1..C..t...v..Of...K9...<*D.N.G).I'.@%J..../{...L..........I....-JQM..iV.I;...k,.zF....1..B .5.S.k9Z..[w..Z..ZS....-[.]..s.p..........G...R..w.D..~.7.b5...+O`...O........x....k2>.1.Ii0.........AvA..K....].0.S:..o!S...4..b......q.[P<...,z.5.[[B..%..*.A.g..7.....?j..s..c......J..uy.O.z..vMd..[Le....*.6..|.,.%.b`..+.}".n...^>.|..`...ib=..@F.`..e4p.5..J..|.Z<.}...x.R

C:\Users\user\Desktop\VLZDGUKUTZ\KZWFNRXYKI.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.742915263757286
Encrypted:false
SSDEEP:48:PGmwaS7fwDwjQy1GAybRr3Ah79QWoLlXEs0l0g7mr:8Gry1GAy1rWQWYVn0lDmr
MD5:471195FCB5ED136278C1166232A418AA
SHA1:226CECC7FEA292C9FFAA7DDD7B43843AE38EBA6E
SHA-256:1B7B51CAAAA201CA67A3AA06F9FAE6C46B3E62144E1B8BC258D5CE23C95AA859
SHA-512:85C8328DF59C63009440F8727CFC8D4FC29072D5840A0AFB8AB492C038017EFDBAE133589A74E780CD8C0877C47662F4AAA75A509789A9B3887D79013F07C712
Malicious:false
Preview:`......H._.....nk`O..6..Sn.`..!.........M..i.J..hz{.?..>E=.....<XW....f.C...).=."e7..!._.....2.m.,vtv.Q...0.fD......0.a&k.....p./..yS9.....X0...rI..Yr.a..p........C......U.....&SM8..)Tc!..sb...b...2...b.U....+.....b pL.....C...e...Y.%..8T..P.T.wMF{...@...d-..H..p.y.5..].|..3.-.52Tu.....k......s.XR1..V.,...iyYI.z.R.>....p.aw.....Y.^..F..<....W@.m.FS......5...}}./...$~3x.RY}2C.Y1{H}Pq..?.~$.K.G...*j....0.e.u%.B...U..C.......'...G.%=....3...;.P..6.....D.I[....I....g..[L."....T..:t-...N.....<..5.qB2.v.>Y_....!ng.|]TJ..{.[Zs5.b..p..d.....H/.N.1\^.$.."...c..x9.6.;-.H....!...*%bd0P...S.=..u..$8.s.G~n(r.....o..aS..V....vGZ. .....,..........e..*.>p/v..7....[-...ja".@$Ix.n.14.~86.U.n...p..^..>..q.k....'...v........cp..........z...a.=........".8..$v/.m.5....T.....=.z>....e_y...wj.s..k...'.(.OdH..M.+.....V......r.A.V..f....v!...,.+N[H..z..7.q.6.Zu.s...Y.^7.A..T.L......34.e......+i..U...6..n..a.xRJ..HYcK%......a*...r`.V:}.. k.cF.pt...}.hs.w...A.?..|l.-

C:\Users\user\Desktop\VLZDGUKUTZ\NIKHQAIQAU.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.735268300338341
Encrypted:false
SSDEEP:48:WIfWLdBv7FhGDpjdX6gq09Zvf7a+QWoLlXEs0l0g7mr:3O+DFdX809Zvfu+QWYVn0lDmr
MD5:AF2E991B6D51A0BF1D0C24ED963B4305
SHA1:D15FD02869D14F0C1E7F3B354A6B514F62A28C0A
SHA-256:6E8F50BD035845088EEFE9AF6BF9E592067AFBF2D6C8E095EA86FD5ADCE5E508
SHA-512:FEEB35379F86BC4814849D92F7A8529D9EDD8F16ECB98365EED339D3C22570FA99867372584465F2A98A2B491AEF7E72BA62FCCAC49FA3CFD397826EBE8E840A
Malicious:false
Preview:`......H._...9:.M....9...A....*.e.\.. ...vN..>I.(...c@)......`..Jr....f..5.......3...J....1..m.+K.....K..?].H.........a.._! .........e...6.. ...c)T.#.UN....`.O....A..K+..a...='3..T.<}M.:.{.Yp....s.e..eO.l).....EU>X......*...yR./.x...*....Q;....'.%.y}N.5..:.%m`[.c....3....3..P52C...B.7.<v =.5PK~k..^k.A./I..&.i1.z...aa.qm..~=.0.....j_.....<f...FQ.@...j.....[...q....Z.xr*.w.......` ..E!....%.......h.6l._......./...'.=.|yzs99...:@..1.\...s2.....W.&8...-..Yob..h.pE.l.AS..Ts.r....Z .#..IVp......B8...['.....4...I.._..a1.:.L..\.^<p.Yf....R5..(b......M.e.a..8..........9T*.c......-.u&6..x..RIO6.a..W....)..X.A...^%....C.+.x..#...g>...Hbk....[.A.l......5).8W0..Fq.......m`+.......-.#i.7v....[%.'....R.....1./}..e.....i:...\HT..:.o+.XOrNGlmr..at..y.jb....-.?.3V.k.4\=......kIc.Yb...Hc..Q..8.H..F....6.2..hFuH..|.....X..4'.(.XU.K9.H8JN.K.pNl.$...a../..-.NN....wl..I1....6.B.x....C......%._.Hvj.J....:...E0..($._...A..F...j.y..m.O..............,L.

C:\Users\user\Desktop\VLZDGUKUTZ\NWTVCDUMOB.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.755702109244809
Encrypted:false
SSDEEP:48:yIqfDaEGij6TauIwZgFQWoLlXEs0l0g7mr:yN7hj6TxjCQWYVn0lDmr
MD5:40DE565E0F70A4260815E1253B161254
SHA1:C968F9886C48876C6E5A10F09198174469640FD1
SHA-256:774245ABBA474E349F9D747B45F6A03427009648847A7167029368A5416350AB
SHA-512:57CE06D8D6886B0A6E88F35DB353FA6C8D92E0DB59362341537BD465E52655CF3C4907A7706354CAC356ADE30D1260097D1D4E7804C7AB7972FB70E055814115
Malicious:false
Preview:`......H._...h.n5...x.f!{......q.<k]....>/q.`.. ....^U...'.AE..I.0. J.L.q..C.8.........Z..4.........j:..)DNR7...<..r..yM....-..`a.|>'.w..........+..[*K<.g..A.W...U5%...l@.6a.U.....BERx.@..D...W+0........#.4!.K...d.a.F.PS^<z\..D...s.....a/.0Ma2X.ip.9.......P7...wuF.U..[.s.z`.z..Sp].7p+.8D.A...}........y.g8.o.4Q......B.c.g.X.1*].....u..(....ke..t}./qW...)bo.k@.......a./....O..r...>.w..k~..."..|n....l..i/b>'K../...%8....31}.H\.<....2!..?....f.Py.K...0..#ij.<).q.6..g.B. (].z$..<...#..s..X..{u.duZ..*.j..*jVv..z."..{.J"WK..2.....*.Q.....hX.Q=R..y..TV.;.....,..).;w....`~$u........(....v.q..3...D..v.q..0.O..{..j.Lx/..i..B..".\.......H....r...!Z^=.M.uf.o1..$.....t..z....@..pK$T.......5Z..........bEB..W.uc.+pm$.C.u..Th-3.T*;...2v_o.#..b...j......R......`..@..?....F.v..|.JQM._.>...W.....!.\..^..l.......?........#%=..Ek..C....k..r.....88...ZA..<d.....e.#TP.......5.oc7O.\.r.i.}......D.5.t..B.p....N#"..'_.s......]1...J%...@A.%.9.yj.....+..#........p..w{..w._.<

C:\Users\user\Desktop\VLZDGUKUTZ\VLZDGUKUTZ.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.766697857717036
Encrypted:false
SSDEEP:48:5T8asq7rw6wCKXtQex3FsuBPWZUJh6sxQWoLlXEs0l0g7mr:18Bq7rkCCtQensugOJfQWYVn0lDmr
MD5:47229364CB0F820A8CEF7D493B672FD8
SHA1:0FA1DAC615727CA652FA6885E92AD25E1FA29274
SHA-256:6CA65C42B88322FEBE14DB758937A28B7407A2E43C0103D95D1843C8EC5BF027
SHA-512:9EDDF134814448E32B58F86D8637FE6A08B229F683830564258A254B97F5E7352509EDB50E2E86C61D27F973813F25CFEFA37144AB2C3522935ED6784FBDA13C
Malicious:false
Preview:`......H._........b)|.....aKP..S.T.x....`..!.G-nY<8.#.}......Kg.`s.[g.#.......u.M.[b..f.D.....zZ.....oP..I.{.A..Mo.....J....6.^;@#..Z..D:.... ......^E..M4.M.p,....Lr..A...c.|.<..4.T.-..?.9.a7.4I.,..._...0......V5rUI`UPyHC>6....x".~kD..X.........s?..G.\.w..[.rR.n._..%...z.....Y.(....e";g.....m.b.n......mt..kX..u....B.aB3.$d..HN.U......_./.........JT....+...!IZ.I~$/....B..K:7^u)..A|5....,+,]#...E'<..,\2Q\..{...>....N.JU.I.X;.n[.."......x...Va..).3N...!..,....i.UP........k`.V~..G../..k..........-..f....a............b.z.[r':..T80@s....5.y9.D...:...UP'....%%......%...._Z..u..N.e......5.< .&?......w...=[.#Arc.}....J...2...V.{t.fxt.,%..H.0.W......X..t.......A.j...F+.UOvo.J...|...0..Q.x.s$._G..).....Ad:9.$..Bv(..x4X...l.$$|.M%/..n........G.in.......9vB.......l...........Z7:#......Z..U..K..*q9=.[...\.........3.r?..8 .P.-d..R..K..r...Z8[..y..y....{#E .c..<In.s...<..Kk.&.A..)B...W.V....V.[.4M..&..MJ....i)..fw5......g.wl.....3...Z.r.Vs

C:\Users\user\Desktop\WKXEWIOTXI.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.745916548538223
Encrypted:false
SSDEEP:48:f/llP/YNCqrjeutRrCInohjPXacE41swS8QgzaMkvbFRA1Alb21U:n3wNBe2RreX1D1m8QCSSK1Z
MD5:300EA36832C37B89C7E0AE81E1BF5B9A
SHA1:0FACDDF0C5A0D3754E963F976E969CDEB4BF1909
SHA-256:5F5DE6BF62AA735CAEBAB0C0ED0811E6717D1B8F81DEBB1AF1C694A28C2F84ED
SHA-512:62AB31EB720059BC3C5792341E08210F6B3264C779CA39E6F18D5750269C69796005EF317EFF281D5372C01C76621DF9570D0805278BB401AD39A04506B7D00E
Malicious:false
Preview:d.p...].n5/1.W..r..(W.j.nG.....RN=m."...3p...eb.9.Y.a.X... .^...,9"..jH.6.,..9.^.[..f..]t...i*B..././.o..11.....B...c.N.J...K.t....h...W(.c.L..Zy.j..N......J..%.*../...7q...<.In..sp....^.<6(..(D....r1.!...C3k...tS...[.L...O..q..q......kI....d.....+....W....~.....`.......u....$..]).........,...~p.4bT..uY.Y.)....Cc...Ah:Wkkc.z.S...C..T+.&..*..91..*4..;......'.i..Z.%.[9.#..mN.....`..m.....6......6.....7G.y.C>^......?...:....1.?n.{QB..l..eH ;......ef...X~.......~...9.,..!..4dL..~.........b...Q(....$...y........f3hv0...p..p..6AT.|2.}....D=Bs.+w....dUf!....P...J...AoL.D....\...?!..sH............E.....~..#.v(...s...~../?.....esru....z.b..S1...0p..IW.8.7Z8e..Z..Z.5.XF.....4.0.......i.#3..<...A..Y......\9...|..aLk...N..)..+.f.....3g.../m....X......V}..Yx_....L.6-u4..i42yr}..........YQb:2t...._.ra.(NP.U..u.....[...S....l%.<w.5go{.g..bua....)I..-...H...=..D.o.....4]..b`J............>)x.r.o.....o.%.....\.....hh...........9Z..$.,..=B....].V.l

C:\Users\user\Desktop\WUTJSCBCFX.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.746602034933567
Encrypted:false
SSDEEP:48:f/iduX/orL2icedSyTalqilXacE41swS8QgzaMkvbFRA1Alb21U:b/oPLbd6lqilX1D1m8QCSSK1Z
MD5:42E40B90EB706031CF6476B7D376D041
SHA1:6B8B46039D5FDC48A609D18AACD1433A3C288BEA
SHA-256:B4CEF72721570F5DEF428A5C734B12FDAC68255293761A4B9DA139276502B28F
SHA-512:07FFC0F4B926597B2317617A906E5D30C40A6938D549B3836F3E5E591D12CF5DFA48863F8BEEDF0DC6EFC0F62DDDB7A3593B121A79690F4F6C197C6BF18D3A2A
Malicious:false
Preview:d.p...].n5/1.W.-..k...zi........ ...r..D/..........F.J...%....X.5../>@.~QN.\.z..a.]`..{.T...pK%.Hcq?.s..).9Sc.v....+2....:..,.$...z....)D.^.?...?].....b...A.F.F.....3a..#tn..C...Q.+........LT..j...Z..!.:.M^l+.[<...)+..%......5Q.Z..ce.......sdHx..Ket.Z.i=..C.8.>a.74.D..Y..w4[Dt.B..._ [..$.....>B.|@....U....T;d.1.Q..X..tt9...6_.o...J.pqc.K..+F......$....!....$.^S.U,w....s.[...b.).}W?.,;K...%.,.}....{...C.P.0c.O.i4U.....3.+n...X..o..a.h.q.......{.#...i.?c.....X.:..l..q+*.cW[.p.#Ru&.l.=>.Pc .T..d6..<IL@..=..k.....j.JU3..T....zL...y..1#.X...a.M..%..X..M.SX..;#.=.5.iOe..T..|.!;.*t.C.r.z.T...~F.ps....3=...,.E......\T...nj.........$D.3.}.1..Ls..h.E..!%.Y.B.\j.....>.$.x.@....Q.'.x.....mH......j.....1.9.].td.8>.MH...Y...F..v......Ag.ev.{SMWe.FJ.V..%w....c....4h....@.....#d.kH>;..P.....?d.F...i..TqI..<w...+.....T.j.t)YOY..<..Z0x~Z.....,v-K..6...A..u....1.FM...v..,......K......K.......:..W#.Q.C..Z.;..f..?.+.Po,F)......A.+.-j+.K......]Z@7/|.U&.

C:\Users\user\Desktop\XZXHAVGRAG.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.741226014989819
Encrypted:false
SSDEEP:48:fVZW+2RZ4zo3n7tbjMNvhOPDATS9huXacE41swS8QgzaMkvbFRA1Alb21U:nWBROz47JMhMATS9huX1D1m8QCSSK1Z
MD5:9DBADA0890401DEE3928114EC106FD8A
SHA1:590D3146C51732C808B957ED1E0BA00FA3CAC5F1
SHA-256:E04CB50B469A0B8F03E3E4DD4510BFA6B6BF1F38628AFDB330BA2DD8BAFD3125
SHA-512:06780B5DA0DC67DC4A2E44028D30278F9BEC7E9CAB9FE09784D20C008BBA5303522EF7439A16A19E36E9EC5DDDAB179DED7634A6287ED52A6418A5063944B8D4
Malicious:false
Preview:d.p...].n5/1.W.}.z.:.J+...g...=d#..a....P@...cg.?........C..UmC{d./.....MK5..u......~.~.W.....k.&."4..+<Gl.p%D.)\T.?.....1.$....{qq.....w..U,..2.W.8...4#_..<.!aZ...m.....f..[......)....F...5.....,....4.IV.E.G._...Y.v..m.....t.....gd..G.."`.......i...}...4....N.eT..;...AT=6.3..9.Y<J.fI.Z..2.ow..F.:n..u.J........w.p...7.q9..;K.?1.vi........0!b.C.4&.g..]...3.1.`,!...v.2.(|pc.c56.]H<....Im..4...>.....!PE..,3......M.i!...<f........S...y..F.;...:g2y......9.. ..9).iB$..=3.V...:.f.}..s{.<.*0..X...>_.......OY....hN....W..UI.d..r...F..~..Q.|....^....e0.....G.K.7.....~.8.m.U...).Z......7...g2...9B..... m....Z.....>6/....Y[../.l^.4g].,..;a.!....Y..:]..P..q..........!I....m.=ZL.P.N..D3.k2.=...2i...%Z..P.QPh....:...:z%.YG.O....P...+s.>..\.E.%...M.(h.o<...k.Z....o0. I.....P.D...X..3.].Sc...r..m.^v...!...Z+p......D<...>..D......[..:.E.......qO.......w;....ygGk.K.^.|T....;,c.F`..E....1|.n...=...BJ...Q...GF.)P5c.b>...K..p.% L.-..y.q..)<..o]..\..z.....

C:\Users\user\Desktop\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1340
Entropy (8bit):5.4867928513739335
Encrypted:false
SSDEEP:24:sQSo8USVqkBS7LBal5yQXDFP5ilbRXVHFB7WQzBAS8Kd+5H7i7CGDzbGv8d:sq69S7LBArxilxB7WQzBG527CGDmvo
MD5:856EB6D4E0936EEC2BDA5167F1866F7E
SHA1:7DD6942C0244F85529A3501F190FB717316A9FD8
SHA-256:43090A83BA7BBE615764A8F1F81F74B13959FEBB6EFAAE23CD36CAEDD1E46597
SHA-512:016E107206C03EFC982E531971A26B6E89F6A14DEA5EE50538B4F04EFFBA038737DB781F393192C1CCBADA4CE75F96B764365CF7D940A1A8A14ADB770E470B07
Malicious:false
Preview:Z(F.-.2..q..fB.|.S.....H.^......(.A..y..y....H..r.k...M.i.......T...u.g.%..WV.qi*.Ry.D-......z..qo..Mt=.Y..m..)..s.6..e.i..I..\...:BVh|.d..+H....H".W.Z...{!.:...B...W/h..3=.n~.W~61I...l_...wN..P..{....K...Q.....J...iM5.@{}..5.`.......+.Gnl;G.9p$?..r...,.........QI8.H.._..4.T..S.....---*8+8*---574f2ffed6efacc322968ffecd1a3029ae5d709346b989b838fb16675ac4a039ec6471c3aca10864c0fa4422da12757a5c5a33131291a01016fc3a153fb194ec4594662da76ee8789d0e72e1d11935641fe7358dccb4c8480ad05f612e5f2dcf1cfaadbeac7f4ce153037afdbf4028b92161bd6df5f921a02f63233027b69b63900ca8cff15531fba67c4e7b1484c0e9fcefad7786a94aea08c875a689facaeb88032113892d9b436e92468112420c623925079660565f21cbde672d74e4301aa13e23d7e473b9baa3e9dee6f47332ce56e67c5524df49af72fa6c16eeedfc216119d54d662ff80b4b31dc32e234c46de65aea4006281b1eec8a073d20c6f1e047d9ebf9da65081d079174cf313848f89f1d6f48071c6da747203ee9fa25c618721989f3480499007b63038550caae9cbbe3799845cd0f906cee5c46cf34e12057f3661bc736f7c7946a70ceab2ba030ab87a79fb6577

C:\Users\user\Documents\BPMLNOBVSB.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.777813019886515
Encrypted:false
SSDEEP:48:fc5qlVU4LxEYuWkIihjTjsxXacE41swS8QgzaMkvbFRA1Alb21U:0wlVU41S3IwjTQxX1D1m8QCSSK1Z
MD5:5B7449ACD62C2E1C76242C4AF5E4F30A
SHA1:A5A30446443559C22EBC3BA3FDFE6C8BA8860F68
SHA-256:509E33EA0F5D37B20EAB2B1DDFCD271CF1004F0B0B24C5623EC8CB57125B91F8
SHA-512:B55FDCA90EEEB1EE4FCF6AB74B4B9BC74BBBB589F3166E39B3022AF43A5BE07D4D69F2C40EF4F3868AC4ED1150CD7A801AEF14B643B02D74ADF36C9EF49EE225
Malicious:false
Preview:d.p...].n5/1.W.p..T...i...S..=%..[.2.X...W&.X..jt.....!N..Tb@.z+.....Y..=.T.y...K..q1.Y......).....(..`..P..2.x...t.N.....~..9KYR8...........p+.%%.P!^.K..B.EIAg.F....p.d/.... ..w..{:.........|.".z>?K.%8.u...%F..{.n.,^..S.1Kb+.s$d<.s.al$X...$=,.@\c...R.8..+.[....u-.[;...^.x.e...In.kj.n?M...1<.i..~].MU........I.....4.....'.q7.cY.......K.8Dq..._..67#...gX#.?\........cL..z..z(h.&....N...Y..T....x...X..IT`...4\..5A.m..._\^b.......L......OU^B..\.n5>.E...hf...K..o.|N/..z.Q}U.#n=.Kt.B.@#x.u..l.*.f...+.....Oc....`..6P.#P..P=.....E.$..+....F...p..X..Z.C.2w.z6.....l:.~.~.~.....@S.......:w..I0y.O*........&.;FN......I.._...... '...I?..<..Z.....6z..oG|...F0.2.$......9........y.k..k.#W\...!-s"B...2q.p...3....K#l5.....4v.W...{w....%....C.....Yj.R....R.p."..u7.=4>......N%......DW.cNE.sy....=..rT..V.a..C[...z^..Ts.....0.~.H....JX:..l:.OO......U..~.......U!.DN..d ........%2...ba...}H.t"..T../.. r.W.F.....kD>'....+...........A.OZ_/0.9.o.s....}./.{z...-[...

C:\Users\user\Documents\DTBZGIOOSO.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.748977749887794
Encrypted:false
SSDEEP:48:fPZgINVxZfSBoJu5DXRaTZNfNhhBXacE41swS8QgzaMkvbFRA1Alb21U:nZgINnIBo4WfNhjX1D1m8QCSSK1Z
MD5:071585DCAA1FC8F07170EAE529A724A2
SHA1:A53E95CA2930D65DAB1D2C069F31C6B624D86D17
SHA-256:E0112471F570AE0621405D1E9D6B51B03B3EF18AF793C6CF57A22A222E848382
SHA-512:7C0733FB2FE9223BF87B23E68C74233E3623637B18AEFF00D2466C047295D03886B34D91858B9757326F49D4C74DA40752A43719A9FCE1675234D76849BCEA10
Malicious:false
Preview:d.p...].n5/1.W.|M.cj..T.F..EN..D..Y..u...']G......a/^HQ.^".....J_ugh\s.i.4r"....7k......>...v..T(NJ..M:....`...<........m.8V..D..u.. ..f....H$..8.....C\GX.9..fk. ..O.={......... *r..ZA.m..3..HP..qL;S.K.....z%..K..85.B.W}..x.-}.1......@..c..?....9.76.....+.2.{..(...I.3..!.........Q~f.....,-.[ Jr...f...Vv.7....FQ..6c.{....j.dB....&..Z7.....*..3d.T[q.Y.PTY%...)Af)..l...}. .+..%....pt.%....)...%mn/.J.Xb.q.-.q.Mz2.mt..@.p.&A.*.f.D.sb.3*3..SS......r(....M.......D..L(C....W......|.)...X..../s.P..z.....F.w[N...Y....^_Iw...r..|.c...x}.<.....Y.......W.c.?.U.,...T^...k.b....POj.l.(S....T.j;.J)..c..I}w,.a.@."L..a..4....:.j.Z......._..<{. ..........b.....L.$...^...C.+d.....S. .$..t.}...9.........7..f..e9.......~...7....`........i.K...d{Jx{t.......U .p].2...h....Z...N...x..x.n.3.....].S.0..Q.4...{.v....*.... ..f.{..b&6..k.X.:Yx...K....b...Cm..)_...;a.z..v.S...T.[....k=}...|)[V.K/.{.mg0.ZU......an&..8.+{.,r....jc)..PD...p.,...I......l<...c i1Z.w.2?...

C:\Users\user\Documents\FENIVHOIKN.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.76920435289359
Encrypted:false
SSDEEP:48:f1/oubf1xi6r3TERhEXacE41swS8QgzaMkvbFRA1Alb21U:dZbfPi6r3ShEX1D1m8QCSSK1Z
MD5:FD5984335D74017317157BE7E45080CF
SHA1:A89519B9F811CBE3D45BA2AC1800AE5E63098F05
SHA-256:1037A2F6691FE5EC2A23D75626576F50F3C33A3EB6A12DF597BAB32A7B179F1F
SHA-512:73B54AC1CE2CB41BD3457C27804DCF1179886FA34AB4A03BDD91568CF2B5BA76C87773F8E2FF4ADA489F3DEFB0AD18617F8CB96DF39B2CCCD4786CBA9342C9CA
Malicious:false
Preview:d.p...].n5/1.W..4.#.tw.!...`rn..`O.n..}M.4&..._:LCyB..4.`.N..%h.......U(...w......3..\..^.....Na.......@.2#b... ..4..;.z.p.. q.:.E...N.'.. ...Z.....G".1......~.e.........H..Z...{=.AO.,.....N4J..\.&.J....6E?1..rc..3.........O'.Yh..\....,HT(NIa...=.s.@..w........$...[...X....b-....?@mH..Y_...D..k.l"<..F.~....=.....z|aW......;.b...v..9W...j..6gc.>..kF......q..\kW.7'8.[r.0[||I6...l.5;.,.e.@.SA...'Ww..."C..~.wc..%...(....D....#...6...\(|.......j......l...t.... V.:-.t5....../..C.U....0%!9.F..V..H.......E...+...L.:.......k5.. ..@..t......k.........aq..jv.N..Cf.2.K.A..*.sY.~..)K.=~.y...q,...y......!K.+....N./X..'.....u..MA....S...... ..u..{.~0...V~.KPO.'.;.4...Z.{._....Y .."._..HxKGe;].ZQ......+....,A.b..,kfb......~.b.3]8..RB.DF..mv u..[.fB.,._7.C.2..@.D.c#....d.E....{.......E.......3..5;n../!.G.V..6....9..Hu..IT.L.-R..T.W\8l:.^.:..!....Nnq\..}../G.......]D'.%...u..D...e.....i...l.B..<..y>l.o...$?....w.........V...>..O..*.....>.l3.. .......C.+... .

C:\Users\user\Documents\HTAGVDFUIE.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.775349036015782
Encrypted:false
SSDEEP:48:fafaKlQBTENX/x6zjkVzdBXacE41swS8QgzaMkvbFRA1Alb21U:RJwCAdBX1D1m8QCSSK1Z
MD5:B0460896424D85F1B98693F086AF239A
SHA1:FAB435318C74DC8018B31901E5DD37856248B8A5
SHA-256:557964BC32BA2B6797FA6FA2F7D69D12123F6144D5C91582CD129CD1BE073C87
SHA-512:0EF3D3AD09E2AD93A7F9383ADD64A8067E9B1F2DE5C744894B8714945846F98149E60361AAB49E5B4CEA6ADAB3358F0A8E1BED8E02B5BBF3A5C14BED67497471
Malicious:false
Preview:d.p...].n5/1.W.,..&..U.~.Io......s_i..u{..H3..4.Q..).o.$._(2P.J...om..3...st..q)...?......d...WZ.......si...U..ck..-X.#D.P&.....!.(....I.<.......?.9...<.e..?.'.I..r2W-.h.....p......~..H.6G.<.....,t4L....Cp.Fb?.]..z.....V.....Lo."s6?...,F.t.}.k.f..2%..M.O......Q]...3ALA.*....v.....ZR..r. .........T.{...-''p..@...!...R...p.>a.....J.._..z.g.O..!~.h.....>...8...].....5.U.&........A..%q./M.(jZ...)..0<.x...RG,....T.RN..s..X..../G..7-..x8p......."......~....vPF..+.....,..IoO.xXIj....Wp. ds.3a..H..b..}.Y..!@......Qc....R.LZ...M..]^.....L.k....[YV .H*H.~...........D..Mt.*!ni...[.&.~.X...d....}..@h...RV...S.y...J.Q.D...LK"6.L.,L..fq.mc_^k..@E}.t8/...i..._l....p..:..1dj... .....H.@...SW...\.......&Ng.@.......{.{..7...g..J.A$.d*...M...m...S.H..s.M....!.o?..^s.... .gaM.r.FIhn..(g.9..i.........o^..T.........F.w z..K...d.......=.................+.$.1i..V......%.x]......).I|...d.O^>.ih.8.yU5@.....Io*{A.F...G.F.I.M......4.bF.*^*R\....Kln%a.....WN5...f..

C:\Users\user\Documents\HTAGVDFUIE.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.775349036015782
Encrypted:false
SSDEEP:48:fafaKlQBTENX/x6zjkVzdBXacE41swS8QgzaMkvbFRA1Alb21U:RJwCAdBX1D1m8QCSSK1Z
MD5:B0460896424D85F1B98693F086AF239A
SHA1:FAB435318C74DC8018B31901E5DD37856248B8A5
SHA-256:557964BC32BA2B6797FA6FA2F7D69D12123F6144D5C91582CD129CD1BE073C87
SHA-512:0EF3D3AD09E2AD93A7F9383ADD64A8067E9B1F2DE5C744894B8714945846F98149E60361AAB49E5B4CEA6ADAB3358F0A8E1BED8E02B5BBF3A5C14BED67497471
Malicious:false
Preview:d.p...].n5/1.W.,..&..U.~.Io......s_i..u{..H3..4.Q..).o.$._(2P.J...om..3...st..q)...?......d...WZ.......si...U..ck..-X.#D.P&.....!.(....I.<.......?.9...<.e..?.'.I..r2W-.h.....p......~..H.6G.<.....,t4L....Cp.Fb?.]..z.....V.....Lo."s6?...,F.t.}.k.f..2%..M.O......Q]...3ALA.*....v.....ZR..r. .........T.{...-''p..@...!...R...p.>a.....J.._..z.g.O..!~.h.....>...8...].....5.U.&........A..%q./M.(jZ...)..0<.x...RG,....T.RN..s..X..../G..7-..x8p......."......~....vPF..+.....,..IoO.xXIj....Wp. ds.3a..H..b..}.Y..!@......Qc....R.LZ...M..]^.....L.k....[YV .H*H.~...........D..Mt.*!ni...[.&.~.X...d....}..@h...RV...S.y...J.Q.D...LK"6.L.,L..fq.mc_^k..@E}.t8/...i..._l....p..:..1dj... .....H.@...SW...\.......&Ng.@.......{.{..7...g..J.A$.d*...M...m...S.H..s.M....!.o?..^s.... .gaM.r.FIhn..(g.9..i.........o^..T.........F.w z..K...d.......=.................+.$.1i..V......%.x]......).I|...d.O^>.ih.8.yU5@.....Io*{A.F...G.F.I.M......4.bF.*^*R\....Kln%a.....WN5...f..

C:\Users\user\Documents\HTAGVDFUIE.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.775349036015782
Encrypted:false
SSDEEP:48:fafaKlQBTENX/x6zjkVzdBXacE41swS8QgzaMkvbFRA1Alb21U:RJwCAdBX1D1m8QCSSK1Z
MD5:B0460896424D85F1B98693F086AF239A
SHA1:FAB435318C74DC8018B31901E5DD37856248B8A5
SHA-256:557964BC32BA2B6797FA6FA2F7D69D12123F6144D5C91582CD129CD1BE073C87
SHA-512:0EF3D3AD09E2AD93A7F9383ADD64A8067E9B1F2DE5C744894B8714945846F98149E60361AAB49E5B4CEA6ADAB3358F0A8E1BED8E02B5BBF3A5C14BED67497471
Malicious:false
Preview:d.p...].n5/1.W.,..&..U.~.Io......s_i..u{..H3..4.Q..).o.$._(2P.J...om..3...st..q)...?......d...WZ.......si...U..ck..-X.#D.P&.....!.(....I.<.......?.9...<.e..?.'.I..r2W-.h.....p......~..H.6G.<.....,t4L....Cp.Fb?.]..z.....V.....Lo."s6?...,F.t.}.k.f..2%..M.O......Q]...3ALA.*....v.....ZR..r. .........T.{...-''p..@...!...R...p.>a.....J.._..z.g.O..!~.h.....>...8...].....5.U.&........A..%q./M.(jZ...)..0<.x...RG,....T.RN..s..X..../G..7-..x8p......."......~....vPF..+.....,..IoO.xXIj....Wp. ds.3a..H..b..}.Y..!@......Qc....R.LZ...M..]^.....L.k....[YV .H*H.~...........D..Mt.*!ni...[.&.~.X...d....}..@h...RV...S.y...J.Q.D...LK"6.L.,L..fq.mc_^k..@E}.t8/...i..._l....p..:..1dj... .....H.@...SW...\.......&Ng.@.......{.{..7...g..J.A$.d*...M...m...S.H..s.M....!.o?..^s.... .gaM.r.FIhn..(g.9..i.........o^..T.........F.w z..K...d.......=.................+.$.1i..V......%.x]......).I|...d.O^>.ih.8.yU5@.....Io*{A.F...G.F.I.M......4.bF.*^*R\....Kln%a.....WN5...f..

C:\Users\user\Documents\KATAXZVCPS.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.751723801919355
Encrypted:false
SSDEEP:48:fbuaUkqGke4zcHyhcp/UAXacE41swS8QgzaMkvbFRA1Alb21U:/U3Gknc//UAX1D1m8QCSSK1Z
MD5:06F150CFD5085A35056B83E2A34103C0
SHA1:793C1AAEA55E76F226821ADDD6E47B244F9678CB
SHA-256:48C551070CD3F16736540EB638E514E9A100140EC06EE4109A7071EC8EAE1EDC
SHA-512:884F0851E17C88AF649AC37350AD6BDEE4AD5B733F9B3A8651C7F72B50C1BEF6EA0CB7C5077A52D51F18E1EAF88D8B7145CC27030AEF7D4BEFE7273ED2B62FCD
Malicious:false
Preview:d.p...].n5/1.W..K.......g....#.Z..5)...&.......3.|ep0....x.f.0........"..R..6e...8..b...~.. .!pM..p.\.B?.....)..L...V.F..;....fZ......hR..........h.i...j..\..eo.w}.Ix....s.V....].......3..."...f...K...x.Gh{{S.....d.g.....{#..8...%..u.'.m..6.=.._..j.f..$.HIf.c?.b...^m..7..../..1ns..* ..l.#.VO ..M.e...c...'M?..@..u..c..l. .J}oa.$.g..p.GYT..[.m...N....1V...TA2....#N.s|.....}j:...@..r.l...g=.V...o.;.f.....}2i..>.............p...?/BTf..J/..h3...l...(...g.K...V..1.......m^HG......nL.M..?.\.3H.e..M..FL.E...K...<..me.#D:.Dn.x6.z..y....K.)...=.<.n.=....".d.x.v&?T..9.c...w......L... ...CW5.....`..'...:....A?.qh){..-b...*.J.......Z.2.H.J,....t....=.i.o.B..t.T/...S.]...b....I{..:+..IFo~..X..O.5Qbb.i.@......i5../.&'.2.....\H\..S.H......^.Gbi.7X.?r.2o.HN..qV...P.....W...$.../3.Q..4...x7...VomO......y..+(.0.b.....\Yi......s.....Q)($.3<...A.G.%.*.t...L.MZ....c...8..r..2.#..Pg..Q<-.$#...$H...9..Q..)P.X~UC{o...t.`.....m..G...u9+..dt..e.(.r..7....y.Q,/

C:\Users\user\Documents\KZWFNRXYKI.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.764317090737298
Encrypted:false
SSDEEP:48:fVOWMKG4uridTjAGJ/dvN/AOxjrEXacE41swS8QgzaMkvbFRA1Alb21U:6KdYooGRdl4Cj4X1D1m8QCSSK1Z
MD5:0251D473CA236B7D34634C25AC2279F8
SHA1:72885DFBAD23ECFD4F8E119989DB2B6833F2C0BA
SHA-256:E0D27A199943A39AC8D8FE49A11A0B9F37A224C318ACF117324E30B689437774
SHA-512:21E86B93E8C55DEF4698BDA7BB57AB54BD0973C4EF6CBCDC0F4EA6DA8E053E2A88B795687D790168298DE501816A0C5E1341691F95F983CDCB902CEFD2D60DE0
Malicious:false
Preview:d.p...].n5/1.W.-..o......v...d...a.Z.^.E7...O.W.9..k......L..Z..?'.X...hF.....e-..n..k..w.f...GwN..'................EP......o.E.b!.Z.l.*!k....+....[.P..Z.}H.o1.L1R...Kp.;...7......Un.....^....\..O......j.....e.?.>K..:..,.k..d.O.....4>....Y....CwK....3....,h.c..X{c..Z....._.|....*$r..}.x..@O..0.....J_O.y..j. ..H.......0..\..v".s.fQ....&.....C.+.cf.}o=..G../.7..w....L.n....9.Z..6.W.........B..Zm.y.F..7.W8.b.*+.v....;is..........c@.>+./V.c...W.`=.....;..e...M.h...B..s`|rCA.Q..fh..f...S....:\...L.R..k.O.6r..m{V.i.W........?.>.u*V..5X5.....$.?..e.B?.l.3...[...Ta.!......m9..T....'....B...%..~>g\f.....H\....@...>..o].tG.Q.iZ.i.q7...R..S...J.C.Z.....?.3xp.V.....N.2!......f.@..).\.n.Nd.m.P....F......^....[.L.R.*6..u.M...*.1l.......=...t..W.E......A.....2T=G....e..-..L9.......R...Jb...%.*hE5.)..Hm...a...T.k...l{E.A[ ....M|._.(I.+.'" ...~i..?# ............Oi.n.^.j,'d.....k...@.?.......N....y.A../..-....../.Z..........qh.4...9..\./.S...s.f)X.a..H

C:\Users\user\Documents\KZWFNRXYKI.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.764317090737298
Encrypted:false
SSDEEP:48:fVOWMKG4uridTjAGJ/dvN/AOxjrEXacE41swS8QgzaMkvbFRA1Alb21U:6KdYooGRdl4Cj4X1D1m8QCSSK1Z
MD5:0251D473CA236B7D34634C25AC2279F8
SHA1:72885DFBAD23ECFD4F8E119989DB2B6833F2C0BA
SHA-256:E0D27A199943A39AC8D8FE49A11A0B9F37A224C318ACF117324E30B689437774
SHA-512:21E86B93E8C55DEF4698BDA7BB57AB54BD0973C4EF6CBCDC0F4EA6DA8E053E2A88B795687D790168298DE501816A0C5E1341691F95F983CDCB902CEFD2D60DE0
Malicious:false
Preview:d.p...].n5/1.W.-..o......v...d...a.Z.^.E7...O.W.9..k......L..Z..?'.X...hF.....e-..n..k..w.f...GwN..'................EP......o.E.b!.Z.l.*!k....+....[.P..Z.}H.o1.L1R...Kp.;...7......Un.....^....\..O......j.....e.?.>K..:..,.k..d.O.....4>....Y....CwK....3....,h.c..X{c..Z....._.|....*$r..}.x..@O..0.....J_O.y..j. ..H.......0..\..v".s.fQ....&.....C.+.cf.}o=..G../.7..w....L.n....9.Z..6.W.........B..Zm.y.F..7.W8.b.*+.v....;is..........c@.>+./V.c...W.`=.....;..e...M.h...B..s`|rCA.Q..fh..f...S....:\...L.R..k.O.6r..m{V.i.W........?.>.u*V..5X5.....$.?..e.B?.l.3...[...Ta.!......m9..T....'....B...%..~>g\f.....H\....@...>..o].tG.Q.iZ.i.q7...R..S...J.C.Z.....?.3xp.V.....N.2!......f.@..).\.n.Nd.m.P....F......^....[.L.R.*6..u.M...*.1l.......=...t..W.E......A.....2T=G....e..-..L9.......R...Jb...%.*hE5.)..Hm...a...T.k...l{E.A[ ....M|._.(I.+.'" ...~i..?# ............Oi.n.^.j,'d.....k...@.?.......N....y.A../..-....../.Z..........qh.4...9..\./.S...s.f)X.a..H

C:\Users\user\Documents\KZWFNRXYKI.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.764317090737298
Encrypted:false
SSDEEP:48:fVOWMKG4uridTjAGJ/dvN/AOxjrEXacE41swS8QgzaMkvbFRA1Alb21U:6KdYooGRdl4Cj4X1D1m8QCSSK1Z
MD5:0251D473CA236B7D34634C25AC2279F8
SHA1:72885DFBAD23ECFD4F8E119989DB2B6833F2C0BA
SHA-256:E0D27A199943A39AC8D8FE49A11A0B9F37A224C318ACF117324E30B689437774
SHA-512:21E86B93E8C55DEF4698BDA7BB57AB54BD0973C4EF6CBCDC0F4EA6DA8E053E2A88B795687D790168298DE501816A0C5E1341691F95F983CDCB902CEFD2D60DE0
Malicious:false
Preview:d.p...].n5/1.W.-..o......v...d...a.Z.^.E7...O.W.9..k......L..Z..?'.X...hF.....e-..n..k..w.f...GwN..'................EP......o.E.b!.Z.l.*!k....+....[.P..Z.}H.o1.L1R...Kp.;...7......Un.....^....\..O......j.....e.?.>K..:..,.k..d.O.....4>....Y....CwK....3....,h.c..X{c..Z....._.|....*$r..}.x..@O..0.....J_O.y..j. ..H.......0..\..v".s.fQ....&.....C.+.cf.}o=..G../.7..w....L.n....9.Z..6.W.........B..Zm.y.F..7.W8.b.*+.v....;is..........c@.>+./V.c...W.`=.....;..e...M.h...B..s`|rCA.Q..fh..f...S....:\...L.R..k.O.6r..m{V.i.W........?.>.u*V..5X5.....$.?..e.B?.l.3...[...Ta.!......m9..T....'....B...%..~>g\f.....H\....@...>..o].tG.Q.iZ.i.q7...R..S...J.C.Z.....?.3xp.V.....N.2!......f.@..).\.n.Nd.m.P....F......^....[.L.R.*6..u.M...*.1l.......=...t..W.E......A.....2T=G....e..-..L9.......R...Jb...%.*hE5.)..Hm...a...T.k...l{E.A[ ....M|._.(I.+.'" ...~i..?# ............Oi.n.^.j,'d.....k...@.?.......N....y.A../..-....../.Z..........qh.4...9..\./.S...s.f)X.a..H

C:\Users\user\Documents\LTKMYBSEYZ.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.756053979845309
Encrypted:false
SSDEEP:48:fgaxVokHAJvl2Dz2mkwHyXXacE41swS8QgzaMkvbFRA1Alb21U:oa0ki2Y+yXX1D1m8QCSSK1Z
MD5:C7F565AB962D97367E57D8C655D63501
SHA1:AB667CD31DCA2BD819B6E724629755D9C5C4B2B9
SHA-256:37F16ABB7A53E856E1E4DB71FC0AB26414F5AFEB598826E7C60F70C7214EDE11
SHA-512:5486EBB8C731C3D5C3A9760F2C6C4B33F8D7C86969A324F426B2C9B1ADE9F0ED236694DA426E6A1D372E6D49CE1C29B5C20C11F32DE56D2CB0686CC7773C4C3E
Malicious:false
Preview:d.p...].n5/1.W..d....3*d../ .. 5T..,z..".!.v.td.s...Y.{G.7+..q..AS.Ce......!<..n..............M...v.kx...r)P..........7..>.MF..A....p.7..l..P...>1vS..a./.....?.].K#].v.:..:...{&....]U.=...N...H|.E{....).....T...(..B..&.5i...mX...#.C...m.P..P.#fK.y.Y..>......2..!..a.~5.z...M..e.<..(4|.j%qo.g.......I./.|..2-...B.].....iFQ..x.H.Z$.;$....Q2.|...3.wK.....=t.........ts/u...m.h..9`"g...a\.C.Ca.K.D4........F...k...uU....H.;+".......>.C.|.3Di.gO..H..z.....1t....u...c-.....*.F....G..|.......q...)k$....a"%_*....B%.)[...@e...J.1.z...Uw.3.Wk#...=[.#... .c.K...........V..z.%[.R..$....y.Y1[6.I....Wz..C.K^9I;.E.B..u......]|<.Ng.4..m....N.6..ga.F.. 2.o.U.w..q...........=W....`<s.........I0J...&.E.M.1.2M...HS....H.........l..5..V..r..0....-......?..>y....v.."`....*:D.u..iQ....,....q..).^9...e>.0.O.b...:?..<./.cJT...VryG....Y.Il.....d.}.@P..9*.n.....k..I.C.Lv,.LM.....69.......2.N......l"'L1.u:~.M)s.'W...2c..1....`K<....U.E..9...~.H8.1...=.h.&(.{&

C:\Users\user\Documents\LTKMYBSEYZ.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.756053979845309
Encrypted:false
SSDEEP:48:fgaxVokHAJvl2Dz2mkwHyXXacE41swS8QgzaMkvbFRA1Alb21U:oa0ki2Y+yXX1D1m8QCSSK1Z
MD5:C7F565AB962D97367E57D8C655D63501
SHA1:AB667CD31DCA2BD819B6E724629755D9C5C4B2B9
SHA-256:37F16ABB7A53E856E1E4DB71FC0AB26414F5AFEB598826E7C60F70C7214EDE11
SHA-512:5486EBB8C731C3D5C3A9760F2C6C4B33F8D7C86969A324F426B2C9B1ADE9F0ED236694DA426E6A1D372E6D49CE1C29B5C20C11F32DE56D2CB0686CC7773C4C3E
Malicious:false
Preview:d.p...].n5/1.W..d....3*d../ .. 5T..,z..".!.v.td.s...Y.{G.7+..q..AS.Ce......!<..n..............M...v.kx...r)P..........7..>.MF..A....p.7..l..P...>1vS..a./.....?.].K#].v.:..:...{&....]U.=...N...H|.E{....).....T...(..B..&.5i...mX...#.C...m.P..P.#fK.y.Y..>......2..!..a.~5.z...M..e.<..(4|.j%qo.g.......I./.|..2-...B.].....iFQ..x.H.Z$.;$....Q2.|...3.wK.....=t.........ts/u...m.h..9`"g...a\.C.Ca.K.D4........F...k...uU....H.;+".......>.C.|.3Di.gO..H..z.....1t....u...c-.....*.F....G..|.......q...)k$....a"%_*....B%.)[...@e...J.1.z...Uw.3.Wk#...=[.#... .c.K...........V..z.%[.R..$....y.Y1[6.I....Wz..C.K^9I;.E.B..u......]|<.Ng.4..m....N.6..ga.F.. 2.o.U.w..q...........=W....`<s.........I0J...&.E.M.1.2M...HS....H.........l..5..V..r..0....-......?..>y....v.."`....*:D.u..iQ....,....q..).^9...e>.0.O.b...:?..<./.cJT...VryG....Y.Il.....d.}.@P..9*.n.....k..I.C.Lv,.LM.....69.......2.N......l"'L1.u:~.M)s.'W...2c..1....`K<....U.E..9...~.H8.1...=.h.&(.{&

C:\Users\user\Documents\NIKHQAIQAU.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.752869772097699
Encrypted:false
SSDEEP:48:XUQ7NkkgbYQgNTjpzgH+EbNnZoiUEqOGnw1mEFLM:k2ngbYQgNT9zgH+knZOw1Pw
MD5:C86D92F114A1AE6936C6A9CEE8A920D9
SHA1:BE098B265104655BD0442E422207C8021D00E9D6
SHA-256:51FC7879269EB4B80F2D18B690AC794154AA130496113B37AE2475303CA0C9D4
SHA-512:CCAC0B4AC75C9004346F878F4EF2DE84E8B4EF6D041B4FF057404DC1FC18FE12EFA3A0FA424300E4419F5905B0112FF8F3575A796FB4AA35226B8BB2547E3EC8
Malicious:false
Preview:gA..x1..R.[...].-...U.....>K@.#8i......p+q..0..0S8[X......9.5...s.........e...}q..=nw..4.%..........UG..7]....._fJ.1.)....;%~..y..8Yq_.(..J.....}i.y.;..hy]..[.=.l...|^O.]..|...d.....:..?...1....OMc.%N.....-...*.$)... I/...V......m.~s.^,A.A;&.......h.........."C...!.qa..x~.9|#.(..Y...v.6Ly[..aT..*EkAT4/....]..4.............6..F.NoQU....#.....p~c%%....<..n.m>...^...........nd/.z......v._..a\.N:..3..VF.{i~Fn.uft..:..5&....}.;..G..?...=.J.l4.._........j......R.-.7..wM.F.....K..Tb5.w..D..u...7...,....Q.a...A}...........U.R..#.|....g[.2....-.V..@w...E.<E..\y)\......I.....8.u.....SK...|..n.`.i.q.t?~.a.t..H.S..qQ....$.v.s.$.......$.r.E..&..3..UP.].}...z&Q..c,..S..#oj}*.?z......f.7....0I3..73....l......f...,.".4'./|wg...\...<..WHoz.k)2-...=...{..L...1..%$d..AbK.3f.../.y..c........Y..2M..4lY...T..g...M..v}gQa/?.<u.X...m/.mDd...s.'.`....vA..Zq^.p.*C.@..)j;...P.c....T..x....,...vu.)............Ia3...a=:..+ljC.d!.W/aK.........~3Eh),.PW..q.`..

C:\Users\user\Documents\NWTVCDUMOB.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.76855505386674
Encrypted:false
SSDEEP:48:WFpKTqdsPzx/7kEcrdaGNnZoiUEqOGnw1mEFLM:kpAUsbJAYGnZOw1Pw
MD5:279236B6989283D2019BDB910CF83DDC
SHA1:26F3E81A0FE8E4030F94C57FD57847198B5820D4
SHA-256:EC5AA3F145533D1309F95AA3C904D9DA7D12527ABE87F7B22F1F7C0026862F41
SHA-512:F0C39276E01D38CF3D1E3F0E0BA554308B526B5DE8AEF35561375970348A47E2CD58B9F4466B244270DA79D954D9F0403B101773BBC0716946B54B9DA5A03F64
Malicious:false
Preview:gA..x1..R.[...]w.:..;..c..O...o...K.G.}.K....]y....=.&....+..&..:..V....?......A-W.|qkT...o..v.X.+[...<4<.=......./..~.).............=4N(N..3.]).....b..T...7.,..._.b......u.'hq.9N.yh.u?7.5...*.7.L..}...y....)5....|..Z7......9...z..~^..GA.V.S8.........9./:..&.#XfS..<.4.Q=.=......7.b..tds..G../..I.95.....']....R....b.7.6.P.Y<....u...q...Kg.......N.K.....oh....?Y3t..$-...L.jrx....,[_.!.....b..~.C.K.@....*.E..z.r..._j.f..<.I..h.h'(lV.4!.:6J.>.S..c$5.....C..thp..^Y.9[..l..2.-..H......%...>n".....l..b.E.}.3IH..}.....T.........05...w-.~.H.$..8U.. <.t.....r..#..>+.....3jC4%T.h.p=.J=_."F.<..G...6.e.n..iB.......~....`..........}.....<...S.V...L.F.k.P...u..F^(..r/......$..r]........<U..6(..0..*........`l^..u'>T.t...R.MF.....b.....x[t...'....|8.O.g...I.?-..u.29...'....6..+.z..;oA5y....&@...........t..Ct<A;.z.C......'y....."..xx..U.fv....JQD....lA.w|.`.X..]..{.......jw].v.Po-...0..>..7.h.F.>p.T%.k.D.^.9.w/....~.B.L.*P.....K..S..C...>.a.V<Rw.S....F

C:\Users\user\Documents\ONBQCLYSPU.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.7597040701554985
Encrypted:false
SSDEEP:48:mnasOB7I4fiM8ma6o9DlNnZoiUEqOGnw1mEFLM:Ka77T18HDjnZOw1Pw
MD5:6494AE87B97191030FE62A37DA343119
SHA1:B35D098842AA4F820417868EA6A3D46A277113BC
SHA-256:1C5BEDBCA5CBFD095EEE190EB689523691245AC55DBCA80DD52B91E661967FB2
SHA-512:7ACF8BFC9925522BF20CF7F4DEE60F76D9A675E3BDFDC25BBFD6060F4CE3D155005513D5BD8448811843451EDDAC16B0CF3F04CE9E3F0CA05DB9BA1F5C30830F
Malicious:false
Preview:gA..x1..R.[...]Sq<..[.c7Gl..~7....=.d+...g..AE..W.......l.d..J,.e..R.0.E...WQ..>'..G\m..}.cwP*...*.....h3.r.SS....j.y...q...Nw.....S;....r...f.....!...Uj..9....|...C.}....[-..........\........V{....".e......V..Tk........N..ds....ko?.U.I'...7......v....Q..D..T..}..v..]2.$.Fp..9.x....{w.n'MGw.. B5....l...]...V.K|.....G..f..#......R......3...a.l.#.....w.....Wk.j/.B...0....N.mK..{_...q..=..U{.}y.~B...)c.83O...#....M..K...f.l,.bYK...w#.......b.u(#.<.;..`.$.~...&...5Ey....Pg.....k.....C....,.V.C..LI4..."....E..Amv.dz...\.".,T.).Q1....@Z|Qyd....+.tb{Xw..`i....V...H...c.........1g..6...j..2...`o8z..c..g).-@iD....V..O.@1......0....q.o.B.....v....F.w...nm*.....o...Kq..&.,..)..hu[....\a7...C._W.......g...Ug..r.......idqrA`.`.....HQi..[....Y.^#.....+_9%.@...vRQ".M..X.....H.z.<.P..>....*.p....iK..|..ho....k.j8u...hf...,..Cj....5r+h..g..t.|z....*.}_0/N.T.r...3R'.q.ol&...bK..j...Vr..u.... ..M.C.xB..'...yE..(.`k.kY.......nNF......%..0.l3,..~.~.j...-~.

C:\Users\user\Documents\ONBQCLYSPU.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.7597040701554985
Encrypted:false
SSDEEP:48:mnasOB7I4fiM8ma6o9DlNnZoiUEqOGnw1mEFLM:Ka77T18HDjnZOw1Pw
MD5:6494AE87B97191030FE62A37DA343119
SHA1:B35D098842AA4F820417868EA6A3D46A277113BC
SHA-256:1C5BEDBCA5CBFD095EEE190EB689523691245AC55DBCA80DD52B91E661967FB2
SHA-512:7ACF8BFC9925522BF20CF7F4DEE60F76D9A675E3BDFDC25BBFD6060F4CE3D155005513D5BD8448811843451EDDAC16B0CF3F04CE9E3F0CA05DB9BA1F5C30830F
Malicious:false
Preview:gA..x1..R.[...]Sq<..[.c7Gl..~7....=.d+...g..AE..W.......l.d..J,.e..R.0.E...WQ..>'..G\m..}.cwP*...*.....h3.r.SS....j.y...q...Nw.....S;....r...f.....!...Uj..9....|...C.}....[-..........\........V{....".e......V..Tk........N..ds....ko?.U.I'...7......v....Q..D..T..}..v..]2.$.Fp..9.x....{w.n'MGw.. B5....l...]...V.K|.....G..f..#......R......3...a.l.#.....w.....Wk.j/.B...0....N.mK..{_...q..=..U{.}y.~B...)c.83O...#....M..K...f.l,.bYK...w#.......b.u(#.<.;..`.$.~...&...5Ey....Pg.....k.....C....,.V.C..LI4..."....E..Amv.dz...\.".,T.).Q1....@Z|Qyd....+.tb{Xw..`i....V...H...c.........1g..6...j..2...`o8z..c..g).-@iD....V..O.@1......0....q.o.B.....v....F.w...nm*.....o...Kq..&.,..)..hu[....\a7...C._W.......g...Ug..r.......idqrA`.`.....HQi..[....Y.^#.....+_9%.@...vRQ".M..X.....H.z.<.P..>....*.p....iK..|..ho....k.j8u...hf...,..Cj....5r+h..g..t.|z....*.}_0/N.T.r...3R'.q.ol&...bK..j...Vr..u.... ..M.C.xB..'...yE..(.`k.kY.......nNF......%..0.l3,..~.~.j...-~.

C:\Users\user\Documents\ONBQCLYSPU\HTAGVDFUIE.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.79177726443508
Encrypted:false
SSDEEP:48:qLdDfgStNXWBiSorQo4WNnZoiUEqOGnw1mEFLM:qpf4+P42nZOw1Pw
MD5:29BE4A1CF5E2C190E73F26B4BEB3491D
SHA1:4678057583B41BC8125F07E72A60527C53709888
SHA-256:7B17AF0C98496EDBC59B2CBECB68A37DBF47198E2FF21BF7B58C3D2E9B1C4BD4
SHA-512:52772897EEDF4E7E7F407163D31F7D71CFE075A7B433802FFF21051889F79050F6A9F324E0A1A76CEAABF1DFBD02B1C0039F15C3AB0488BC9A6D79FD0A4274C0
Malicious:false
Preview:gA..x1..R.[...]a.......h..k....6.J.&.;..>.+.,7rAs+....(B.Rn.##..xK.n......z~/ty.[Ef... ....D.....7Umw.6g.>vW..y+xLY.?.....F....Y..k[......Oa.5.....0r..|...G)....-.E.R:.o.^.T.........F..=.C_w...`..=.iN.L.J.j.^.I!;_..i09.._.{/...!.....O.p.}..Fwh.....z.#.6....q^...........fz.).....k.l."w..K4....i.."...@4."..V....D(.5Jn..Qn#.. $..P:H.u....x........V.XK.s....S..-..<?.1....FBz<.r<U.... ..w{.F..S.b.....\....@4.o.28l.-.=.Z..+'..;.........M.M......t....'*_...>.b.Z..84......6.6..n......p..kD.M2...|Mc..G...Y..YVFs...P...k.....E..4l2..n.p&...j.u.r.$.J....[.>..D'..XV.>.m..Xs5.......qA5...o..h./jW.v@.!.rG.T..u.TE|06.t.M..7!.....I..K....cI&..b6.UF.r..5p`gr.....c.U?B...t?r............p.........Uo29......A.@.#<.v.....F.j.H.#V.V..*+Y....M.t..........e.O..1..4....N..xH...\;....l...r4vO.q..q]?..I..}..OhD`u.=.....|..{^..$....\..........j.w..vY.S.Wg.a.}..X...h;.+.....!..p....."....H....z.;..$.5Jp.s.i.L.ef..}....P..$..M.&....l.M'...)..2cK.vew....K.......+.....m>..\...<.

C:\Users\user\Documents\ONBQCLYSPU\KZWFNRXYKI.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.709223126129414
Encrypted:false
SSDEEP:48:eQW3DUVtvtiy7ST5fT3GZukJbNnZoiUEqOGnw1mEFLM:eb0ApT5fLGk2pnZOw1Pw
MD5:CD94BA55FA8F457CD4481ADF5229FB65
SHA1:24E2A91C4682D5F4E0BEA832F064D76EE841075B
SHA-256:632F0BF3E930695611E95ED977C62E63FC2295608B14C90C8F052F25BF9207E3
SHA-512:3EFC49A0820538A5FA7FB81284D042AF35C317FFB34DB380DED4B196A4CEF9FAD0AADEFC9A84487A97FCFC96F52A335F14315A6A717EF95E2BCF51FB44C3DEF9
Malicious:false
Preview:gA..x1..R.[...].M....d.../.../..5[R.yJl.*5*..\..g.z.,#..:.#..Q.$...c...l....}.c.D9.Dw..~umq..x@.....nmhl."..B,..0...3"..0.Mj....:$.i.q...Tjq].J..tf.07.`.s.".X.n.d~..JJ...L^...6...l.+.....jW..)7.Bn.n.c.<].x.1z.d[...d,....1W..q8..()...[..0.6.e2....w...... X..'........6w......0.*....|.I...T)...-..8..:.h.....$.....Wz..i..9B.....M...^.7B.........m:..B..n.W.C.......F...r.....>2...Kh.3..Z+L;.Z.3i....9*.nvpe....;.w$.*cy..%H.f..n.y..ic.......{...6WY.D..+......%...@....z.`........L.....Dd=k6..(6.G..nU..E.V.~.!...S..{j.......f%.v6..C~...z......{*...c.eW.S.p.2...2...MqD.42t.....G.!...j........*...G..GVI.e....|W.q.............i.h..(D;.q../M..f..f..4.h~....W..@......RH.*..Ct.......H.5...n..S..mrB.......8..b..O..........4x\.......9+;..9.&......@.N.&3.....Y='.rl.;.N..J$f@..)Ss.EB.w...U<.<..7...6.U.XR...S..7>..d6Np.T7:Yty.z'..@\.....N-7.......?]H.;....m_.O....p{Wc...M...c...5.....f.s>.3.......k./=P...\...i..).....3W.a...!0..Y........=.7b.~.PY...M.w...

C:\Users\user\Documents\ONBQCLYSPU\LTKMYBSEYZ.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.760410825476119
Encrypted:false
SSDEEP:48:DnVCDc/Bh9w7yXcK4xT2NnZoiUEqOGnw1mEFLM:Dnp/BUgIWnZOw1Pw
MD5:39CED46692FFC4062B5124CDE970B0BD
SHA1:10A1461ADB427C526A8BC551909B37577E2E593D
SHA-256:59EA4F51D4901C6C830F4D85DEA72B3A3754EB0E9C10E180AB1267C9C37C81B3
SHA-512:F812B2E431A92C554D657A3727B312F313CFCDBB6067DEA2F77A593673CE8676969E49D654E088C5C83AA4920E0DB31162A8BE46BF2C68F85AC614015251F0B2
Malicious:false
Preview:gA..x1..R.[...]..S....uA....K..p..>...>Y..x..I.<7.$...KN...r....q...V...N..Nm|......;:..i.vJ]|.L..%..0..mF..|._.........S."......i.@Z...C.z......S,%...+............L..*.2....R.....c.0K3..%.@D..d.gg..N...0.+...V.s[R.&<....V.4............I...R.u...}.z..<.F.p.8.0...'!....5.......UL...j.^.|..$...|.t....Tc;.=Lv.d....37....|....v.....&.4.A.2.,.o......AH.G7..K.4...1e...?7.._.[../[C.,Ei.p........@...mP.d..._.C,...(.ll|k........5#@.v..'3.F...C"9..W.....Om..D@.W....3{Y..0.h!..-..na.C.=........[-.-..._T-.N..gH...\M.\.l<.....2.....d.._L}....^..i6..'.2....J.......4..Q.&.#....N\...z.p..@.^suh.&...F]<..'%Kt.....)d.......C....e`bm~..@...tl.&'.".F\.+n...^R.::N...Z...._.xZ]. ...}..9qK..+..}.....@v.2..f..]....]En.a......w^....O....jD.Fh..Ne..olw...x....{7.....C.>wQ..o.t.@3J.R.d....,8..1.a..w.^....=t..J..o.+...n...3..E......A....}..n\W..x}7.]...rw...w..4...*m.r..OE....!XN.R..2..'@c..C...q].../Fa.t..J$....m...........S..+.&.,%..y.?...#.AO..:=@c..

C:\Users\user\Documents\ONBQCLYSPU\ONBQCLYSPU.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.7597040701554985
Encrypted:false
SSDEEP:48:mnasOB7I4fiM8ma6o9DlNnZoiUEqOGnw1mEFLM:Ka77T18HDjnZOw1Pw
MD5:6494AE87B97191030FE62A37DA343119
SHA1:B35D098842AA4F820417868EA6A3D46A277113BC
SHA-256:1C5BEDBCA5CBFD095EEE190EB689523691245AC55DBCA80DD52B91E661967FB2
SHA-512:7ACF8BFC9925522BF20CF7F4DEE60F76D9A675E3BDFDC25BBFD6060F4CE3D155005513D5BD8448811843451EDDAC16B0CF3F04CE9E3F0CA05DB9BA1F5C30830F
Malicious:false
Preview:gA..x1..R.[...]Sq<..[.c7Gl..~7....=.d+...g..AE..W.......l.d..J,.e..R.0.E...WQ..>'..G\m..}.cwP*...*.....h3.r.SS....j.y...q...Nw.....S;....r...f.....!...Uj..9....|...C.}....[-..........\........V{....".e......V..Tk........N..ds....ko?.U.I'...7......v....Q..D..T..}..v..]2.$.Fp..9.x....{w.n'MGw.. B5....l...]...V.K|.....G..f..#......R......3...a.l.#.....w.....Wk.j/.B...0....N.mK..{_...q..=..U{.}y.~B...)c.83O...#....M..K...f.l,.bYK...w#.......b.u(#.<.;..`.$.~...&...5Ey....Pg.....k.....C....,.V.C..LI4..."....E..Amv.dz...\.".,T.).Q1....@Z|Qyd....+.tb{Xw..`i....V...H...c.........1g..6...j..2...`o8z..c..g).-@iD....V..O.@1......0....q.o.B.....v....F.w...nm*.....o...Kq..&.,..)..hu[....\a7...C._W.......g...Ug..r.......idqrA`.`.....HQi..[....Y.^#.....+_9%.@...vRQ".M..X.....H.z.<.P..>....*.p....iK..|..ho....k.j8u...hf...,..Cj....5r+h..g..t.|z....*.}_0/N.T.r...3R'.q.ol&...bK..j...Vr..u.... ..M.C.xB..'...yE..(.`k.kY.......nNF......%..0.l3,..~.~.j...-~.

C:\Users\user\Documents\ONBQCLYSPU\UMMBDNEQBN.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.774309579510433
Encrypted:false
SSDEEP:48:Q5p+1Lip5S4fy2FEvm97N+zVDGYXqkNnZoiUEqOGnw1mEFLM:Qu1Li/S4nFQmFiVptnZOw1Pw
MD5:B757654CD877E50A2F9780A59F3A7607
SHA1:EEC46C0151B9F86F96D343DF45B47E571FACD590
SHA-256:84B4F2F6C22D199A0E7C5CA82D06F0212516BB586ECDA7682514AAF96CAEA9E3
SHA-512:C6053058D903774A9BCDB51DB056E0B598C03A762C83AF5D6DA6CFF2E9E135C4BFDFDD5D77BFFD9961FEA1CD0B14D0392F3B753BD24152FE56860AB68D222C4C
Malicious:false
Preview:gA..x1..R.[...]N..]G..9...<..a.GY!..O...b.>x....D...l.,...dx..b.r..v.>...g.+G*.h..1bC...[.."...#..m.\. .Z].O/.P.f..=.o.W%A.^...w...C.....WgZS.nE..j...O|.i..".....s..>..W..E.C.|u...\...x..).a`.!.=B"p...l..Iv.+*[8.ae$DIC`..I...s.)..9.R.......rA.M..V...gZ....]O..A.u..<...j.E......D...[N........i....c....0\... $*.R..G.]...z..t.@..B...Q..K.=.[.-..VP.k.Q.}"~.s.!6..D.B.H. .C.S9rB..y.`).x>..F.1}..mw.x......#i'.s..!..=...h6*t..!]J4....=..^....\..(K...U.l...Y,.3.o.......k.5.K.._..U.9.T...rH...~..3!A.&.F[x<F.p..8..mhea....-.Xa{%.c..7.rO.s........"/}...O..].......P.0vd..D.S,......H.Sy..\...at9Nqf.Xr.f..R.....-..@Y..W...t.U..T..".;.L....C#.....|.].sM.'..........B..an.g6.... X......r.4.....o9...S...G.]..f.[*.@.^of.S......V...6Ct.B...,........`..T....~.p....3.4L.c.L...[d...n..Pz!....{.D._.......Y.......nH..-...t..#+....(..L.i.Tg...j.z&..-.....NWNzeS.hq..g.."~.3:...g...OP...)...o..G.L.!.I.......fe.{Z..|..2...?...2...W......="..&.%.,.....p...~..2 ..Lj..d*-'

C:\Users\user\Documents\ONBQCLYSPU\WUTJSCBCFX.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.743034475145984
Encrypted:false
SSDEEP:48:YkaXevVVjnV1gAoLz4BKjfE9VMNnZoiUEqOGnw1mEFLM:taXevVdVcHaKz+ynZOw1Pw
MD5:62FDFAADFCE1A03C725746C016CA7068
SHA1:C01509F7ABCA7A5DADECA935058BD6ED31AEADEE
SHA-256:9ACC28BADF00DB1129FB39642A45B7C0FDF5FD6DF913D1938EEFD503E7C84C0E
SHA-512:E821DC94B6D73F3188F11AD491D3448ECBEB038B15F67B2290350A5A76EF16A17AD585AE26C6FB0A919C9ABBECB55F63B3BBA360EF5B9F103B7248D446E4780A
Malicious:false
Preview:gA..x1..R.[...]....:..s.0..k.V.......$...!2dI/...o4...*..95.wA&3.N..&}..g...$-.`K.=...#.f..u....!9. ..`.../....f?..)\..9XC.Wb.id ...(........."E =.........~3....'.^./..`.e^%..C....v..V...%...1..E...|<..*..b.p.'_....{...u..>._..F..x.7+...1/U.f.3..a.....(S..F.yR.s..$.?.0e..u.$.. KTS.REY2..CC.1...B..!.....<.(.....=.(Q...;.6pe....8.E*&^..CP...3.....6!@[.1}<5....sm...^_i..0..,S)..[l6k.....y.7.r........0....(..,n......z/...Ht.B..*.,!.........)C..qz...=..ys.+..Q..%j...4...u.).d\.[.&.4.M%.iW..D..kp/...,}.z ....z.j.)|."..P..'cr...'o...'?..\V..m....?....S..J|....{.T..S9.!....G.X.7g....z..1v..M..U.....6.."Lh.&..h9..T|....n.a.H......p`.j.J$.!...Wx\..I.Z....U\...8X%.<....:d...?.l.e.....{.H....../....b.m.sx.h..p..3y(.+..m~.l.aI... .O.g.....F.H......yed.Vd.#...o...+...t..n...[.g.ti.b...n..W.b@.....=&9.<RO..v.sc....w....@..1..K...b.L..H..7.e.8.r.{W.....r....[vF...P...Ad..G..U......(x..<....8.(...n.....n|.6..sMv..S.O._i...*.)-..e..........69.a.*`=.(...H0..

C:\Users\user\Documents\UMMBDNEQBN.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.774309579510433
Encrypted:false
SSDEEP:48:Q5p+1Lip5S4fy2FEvm97N+zVDGYXqkNnZoiUEqOGnw1mEFLM:Qu1Li/S4nFQmFiVptnZOw1Pw
MD5:B757654CD877E50A2F9780A59F3A7607
SHA1:EEC46C0151B9F86F96D343DF45B47E571FACD590
SHA-256:84B4F2F6C22D199A0E7C5CA82D06F0212516BB586ECDA7682514AAF96CAEA9E3
SHA-512:C6053058D903774A9BCDB51DB056E0B598C03A762C83AF5D6DA6CFF2E9E135C4BFDFDD5D77BFFD9961FEA1CD0B14D0392F3B753BD24152FE56860AB68D222C4C
Malicious:false
Preview:gA..x1..R.[...]N..]G..9...<..a.GY!..O...b.>x....D...l.,...dx..b.r..v.>...g.+G*.h..1bC...[.."...#..m.\. .Z].O/.P.f..=.o.W%A.^...w...C.....WgZS.nE..j...O|.i..".....s..>..W..E.C.|u...\...x..).a`.!.=B"p...l..Iv.+*[8.ae$DIC`..I...s.)..9.R.......rA.M..V...gZ....]O..A.u..<...j.E......D...[N........i....c....0\... $*.R..G.]...z..t.@..B...Q..K.=.[.-..VP.k.Q.}"~.s.!6..D.B.H. .C.S9rB..y.`).x>..F.1}..mw.x......#i'.s..!..=...h6*t..!]J4....=..^....\..(K...U.l...Y,.3.o.......k.5.K.._..U.9.T...rH...~..3!A.&.F[x<F.p..8..mhea....-.Xa{%.c..7.rO.s........"/}...O..].......P.0vd..D.S,......H.Sy..\...at9Nqf.Xr.f..R.....-..@Y..W...t.U..T..".;.L....C#.....|.].sM.'..........B..an.g6.... X......r.4.....o9...S...G.]..f.[*.@.^of.S......V...6Ct.B...,........`..T....~.p....3.4L.c.L...[d...n..Pz!....{.D._.......Y.......nH..-...t..#+....(..L.i.Tg...j.z&..-.....NWNzeS.hq..g.."~.3:...g...OP...)...o..G.L.!.I.......fe.{Z..|..2...?...2...W......="..&.%.,.....p...~..2 ..Lj..d*-'

C:\Users\user\Documents\UMMBDNEQBN.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.774309579510433
Encrypted:false
SSDEEP:48:Q5p+1Lip5S4fy2FEvm97N+zVDGYXqkNnZoiUEqOGnw1mEFLM:Qu1Li/S4nFQmFiVptnZOw1Pw
MD5:B757654CD877E50A2F9780A59F3A7607
SHA1:EEC46C0151B9F86F96D343DF45B47E571FACD590
SHA-256:84B4F2F6C22D199A0E7C5CA82D06F0212516BB586ECDA7682514AAF96CAEA9E3
SHA-512:C6053058D903774A9BCDB51DB056E0B598C03A762C83AF5D6DA6CFF2E9E135C4BFDFDD5D77BFFD9961FEA1CD0B14D0392F3B753BD24152FE56860AB68D222C4C
Malicious:false
Preview:gA..x1..R.[...]N..]G..9...<..a.GY!..O...b.>x....D...l.,...dx..b.r..v.>...g.+G*.h..1bC...[.."...#..m.\. .Z].O/.P.f..=.o.W%A.^...w...C.....WgZS.nE..j...O|.i..".....s..>..W..E.C.|u...\...x..).a`.!.=B"p...l..Iv.+*[8.ae$DIC`..I...s.)..9.R.......rA.M..V...gZ....]O..A.u..<...j.E......D...[N........i....c....0\... $*.R..G.]...z..t.@..B...Q..K.=.[.-..VP.k.Q.}"~.s.!6..D.B.H. .C.S9rB..y.`).x>..F.1}..mw.x......#i'.s..!..=...h6*t..!]J4....=..^....\..(K...U.l...Y,.3.o.......k.5.K.._..U.9.T...rH...~..3!A.&.F[x<F.p..8..mhea....-.Xa{%.c..7.rO.s........"/}...O..].......P.0vd..D.S,......H.Sy..\...at9Nqf.Xr.f..R.....-..@Y..W...t.U..T..".;.L....C#.....|.].sM.'..........B..an.g6.... X......r.4.....o9...S...G.]..f.[*.@.^of.S......V...6Ct.B...,........`..T....~.p....3.4L.c.L...[d...n..Pz!....{.D._.......Y.......nH..-...t..#+....(..L.i.Tg...j.z&..-.....NWNzeS.hq..g.."~.3:...g...OP...)...o..G.L.!.I.......fe.{Z..|..2...?...2...W......="..&.%.,.....p...~..2 ..Lj..d*-'

C:\Users\user\Documents\UMMBDNEQBN.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.774309579510433
Encrypted:false
SSDEEP:48:Q5p+1Lip5S4fy2FEvm97N+zVDGYXqkNnZoiUEqOGnw1mEFLM:Qu1Li/S4nFQmFiVptnZOw1Pw
MD5:B757654CD877E50A2F9780A59F3A7607
SHA1:EEC46C0151B9F86F96D343DF45B47E571FACD590
SHA-256:84B4F2F6C22D199A0E7C5CA82D06F0212516BB586ECDA7682514AAF96CAEA9E3
SHA-512:C6053058D903774A9BCDB51DB056E0B598C03A762C83AF5D6DA6CFF2E9E135C4BFDFDD5D77BFFD9961FEA1CD0B14D0392F3B753BD24152FE56860AB68D222C4C
Malicious:false
Preview:gA..x1..R.[...]N..]G..9...<..a.GY!..O...b.>x....D...l.,...dx..b.r..v.>...g.+G*.h..1bC...[.."...#..m.\. .Z].O/.P.f..=.o.W%A.^...w...C.....WgZS.nE..j...O|.i..".....s..>..W..E.C.|u...\...x..).a`.!.=B"p...l..Iv.+*[8.ae$DIC`..I...s.)..9.R.......rA.M..V...gZ....]O..A.u..<...j.E......D...[N........i....c....0\... $*.R..G.]...z..t.@..B...Q..K.=.[.-..VP.k.Q.}"~.s.!6..D.B.H. .C.S9rB..y.`).x>..F.1}..mw.x......#i'.s..!..=...h6*t..!]J4....=..^....\..(K...U.l...Y,.3.o.......k.5.K.._..U.9.T...rH...~..3!A.&.F[x<F.p..8..mhea....-.Xa{%.c..7.rO.s........"/}...O..].......P.0vd..D.S,......H.Sy..\...at9Nqf.Xr.f..R.....-..@Y..W...t.U..T..".;.L....C#.....|.].sM.'..........B..an.g6.... X......r.4.....o9...S...G.]..f.[*.@.^of.S......V...6Ct.B...,........`..T....~.p....3.4L.c.L...[d...n..Pz!....{.D._.......Y.......nH..-...t..#+....(..L.i.Tg...j.z&..-.....NWNzeS.hq..g.."~.3:...g...OP...)...o..G.L.!.I.......fe.{Z..|..2...?...2...W......="..&.%.,.....p...~..2 ..Lj..d*-'

C:\Users\user\Documents\UMMBDNEQBN\BPMLNOBVSB.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.744436079928484
Encrypted:false
SSDEEP:48:NERJivXnXZzHUesJNnZoiUEqOGnw1mEFLM:NERUXX5HofnZOw1Pw
MD5:E6116F86DBDDCDC28FE14E6D0432C28F
SHA1:AD8D47046E7AB13D5C93BFAD454BEF40D729657C
SHA-256:CA6B4187794B299E6890CF87DB145E8C75AD9D45BE1450A2222A321717F55DAB
SHA-512:3F8E594CFFAE7F15236D4141B862F12B0B0AC064FEA5489D9E4FED5EC2E578A390F88A4455FC333ECD1BE055179CA273625F6919256FF16F53B51E4D096550D2
Malicious:false
Preview:gA..x1..R.[...].k3...F}..<.% .aF..2$...eD...a.V..9.Y.x..Vn.T.061../..~.*......*..`\i...q.s7...\..>...Q\..p..Z....K....a.#.=G<...j,.&+..y..g(.uqI.-.).9.....Q.r.`..RI[.tK/..P..wX..f]....K..F.6....CJ...x[^aT...}...%.8.&Ud[.t....Eg#..Q_#.)......e......fa....km.[...%{1.A.zM...A..-.x....}...c.....j..i...f~~.PG.}7.....!..I}....#[....&myJ.i?I[+...G.-...nX.z.<R..F&...[C.S..........Ue&..Z.....up.D.Xn...+..1\.....MP?.[..P..J...ab;_..~|{aF5.U&/..l...E8..L.b.`.9._7-...\.dj...0..8,:....t.r..W...(.Ja...[.a..{H.....Z.V.u.{......U......4[.C.A...>...|.zv& Z..M. ...|.&.Ifn.[m.R...eD.q.U2......AT...}.:S~`0nY`.<..g ......\R}.0N.M....m+<%V18....Z..rlc.x.?S.1.G.._V9..:...V..$..'w.[[.$.Q..`f.W.*.......r..$^ZxB.3..A.......i^P....L`.Q...:.W..D..a......Ri.e.....<..;.Y....|.W.e..i.{.z-4..f.6N....:<\A. .nt.X.~....u.3{/.#|.S(.QN"...|......e:..v.s!.8Op........;.Z.B.:}p....S.e.{,e..X,i..aE....<...i..`...1Y...W..M...CAU....j......Z..Pj{...5......`.(.7..|$....z.........l.

C:\Users\user\Documents\UMMBDNEQBN\KZWFNRXYKI.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.709223126129414
Encrypted:false
SSDEEP:48:eQW3DUVtvtiy7ST5fT3GZukJbNnZoiUEqOGnw1mEFLM:eb0ApT5fLGk2pnZOw1Pw
MD5:CD94BA55FA8F457CD4481ADF5229FB65
SHA1:24E2A91C4682D5F4E0BEA832F064D76EE841075B
SHA-256:632F0BF3E930695611E95ED977C62E63FC2295608B14C90C8F052F25BF9207E3
SHA-512:3EFC49A0820538A5FA7FB81284D042AF35C317FFB34DB380DED4B196A4CEF9FAD0AADEFC9A84487A97FCFC96F52A335F14315A6A717EF95E2BCF51FB44C3DEF9
Malicious:false
Preview:gA..x1..R.[...].M....d.../.../..5[R.yJl.*5*..\..g.z.,#..:.#..Q.$...c...l....}.c.D9.Dw..~umq..x@.....nmhl."..B,..0...3"..0.Mj....:$.i.q...Tjq].J..tf.07.`.s.".X.n.d~..JJ...L^...6...l.+.....jW..)7.Bn.n.c.<].x.1z.d[...d,....1W..q8..()...[..0.6.e2....w...... X..'........6w......0.*....|.I...T)...-..8..:.h.....$.....Wz..i..9B.....M...^.7B.........m:..B..n.W.C.......F...r.....>2...Kh.3..Z+L;.Z.3i....9*.nvpe....;.w$.*cy..%H.f..n.y..ic.......{...6WY.D..+......%...@....z.`........L.....Dd=k6..(6.G..nU..E.V.~.!...S..{j.......f%.v6..C~...z......{*...c.eW.S.p.2...2...MqD.42t.....G.!...j........*...G..GVI.e....|W.q.............i.h..(D;.q../M..f..f..4.h~....W..@......RH.*..Ct.......H.5...n..S..mrB.......8..b..O..........4x\.......9+;..9.&......@.N.&3.....Y='.rl.;.N..J$f@..)Ss.EB.w...U<.<..7...6.U.XR...S..7>..d6Np.T7:Yty.z'..@\.....N-7.......?]H.;....m_.O....p{Wc...M...c...5.....f.s>.3.......k./=P...\...i..).....3W.a...!0..Y........=.7b.~.PY...M.w...

C:\Users\user\Documents\UMMBDNEQBN\LTKMYBSEYZ.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.760410825476119
Encrypted:false
SSDEEP:48:DnVCDc/Bh9w7yXcK4xT2NnZoiUEqOGnw1mEFLM:Dnp/BUgIWnZOw1Pw
MD5:39CED46692FFC4062B5124CDE970B0BD
SHA1:10A1461ADB427C526A8BC551909B37577E2E593D
SHA-256:59EA4F51D4901C6C830F4D85DEA72B3A3754EB0E9C10E180AB1267C9C37C81B3
SHA-512:F812B2E431A92C554D657A3727B312F313CFCDBB6067DEA2F77A593673CE8676969E49D654E088C5C83AA4920E0DB31162A8BE46BF2C68F85AC614015251F0B2
Malicious:false
Preview:gA..x1..R.[...]..S....uA....K..p..>...>Y..x..I.<7.$...KN...r....q...V...N..Nm|......;:..i.vJ]|.L..%..0..mF..|._.........S."......i.@Z...C.z......S,%...+............L..*.2....R.....c.0K3..%.@D..d.gg..N...0.+...V.s[R.&<....V.4............I...R.u...}.z..<.F.p.8.0...'!....5.......UL...j.^.|..$...|.t....Tc;.=Lv.d....37....|....v.....&.4.A.2.,.o......AH.G7..K.4...1e...?7.._.[../[C.,Ei.p........@...mP.d..._.C,...(.ll|k........5#@.v..'3.F...C"9..W.....Om..D@.W....3{Y..0.h!..-..na.C.=........[-.-..._T-.N..gH...\M.\.l<.....2.....d.._L}....^..i6..'.2....J.......4..Q.&.#....N\...z.p..@.^suh.&...F]<..'%Kt.....)d.......C....e`bm~..@...tl.&'.".F\.+n...^R.::N...Z...._.xZ]. ...}..9qK..+..}.....@v.2..f..]....]En.a......w^....O....jD.Fh..Ne..olw...x....{7.....C.>wQ..o.t.@3J.R.d....,8..1.a..w.^....=t..J..o.+...n...3..E......A....}..n\W..x}7.]...rw...w..4...*m.r..OE....!XN.R..2..'@c..C...q].../Fa.t..J$....m...........S..+.&.,%..y.?...#.AO..:=@c..

C:\Users\user\Documents\UMMBDNEQBN\UMMBDNEQBN.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.774309579510433
Encrypted:false
SSDEEP:48:Q5p+1Lip5S4fy2FEvm97N+zVDGYXqkNnZoiUEqOGnw1mEFLM:Qu1Li/S4nFQmFiVptnZOw1Pw
MD5:B757654CD877E50A2F9780A59F3A7607
SHA1:EEC46C0151B9F86F96D343DF45B47E571FACD590
SHA-256:84B4F2F6C22D199A0E7C5CA82D06F0212516BB586ECDA7682514AAF96CAEA9E3
SHA-512:C6053058D903774A9BCDB51DB056E0B598C03A762C83AF5D6DA6CFF2E9E135C4BFDFDD5D77BFFD9961FEA1CD0B14D0392F3B753BD24152FE56860AB68D222C4C
Malicious:false
Preview:gA..x1..R.[...]N..]G..9...<..a.GY!..O...b.>x....D...l.,...dx..b.r..v.>...g.+G*.h..1bC...[.."...#..m.\. .Z].O/.P.f..=.o.W%A.^...w...C.....WgZS.nE..j...O|.i..".....s..>..W..E.C.|u...\...x..).a`.!.=B"p...l..Iv.+*[8.ae$DIC`..I...s.)..9.R.......rA.M..V...gZ....]O..A.u..<...j.E......D...[N........i....c....0\... $*.R..G.]...z..t.@..B...Q..K.=.[.-..VP.k.Q.}"~.s.!6..D.B.H. .C.S9rB..y.`).x>..F.1}..mw.x......#i'.s..!..=...h6*t..!]J4....=..^....\..(K...U.l...Y,.3.o.......k.5.K.._..U.9.T...rH...~..3!A.&.F[x<F.p..8..mhea....-.Xa{%.c..7.rO.s........"/}...O..].......P.0vd..D.S,......H.Sy..\...at9Nqf.Xr.f..R.....-..@Y..W...t.U..T..".;.L....C#.....|.].sM.'..........B..an.g6.... X......r.4.....o9...S...G.]..f.[*.@.^of.S......V...6Ct.B...,........`..T....~.p....3.4L.c.L...[d...n..Pz!....{.D._.......Y.......nH..-...t..#+....(..L.i.Tg...j.z&..-.....NWNzeS.hq..g.."~.3:...g...OP...)...o..G.L.!.I.......fe.{Z..|..2...?...2...W......="..&.%.,.....p...~..2 ..Lj..d*-'

C:\Users\user\Documents\UMMBDNEQBN\UOOJJOZIRH.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.776046320148664
Encrypted:false
SSDEEP:48:MD5EN3dWzzXD5VZmNnZoiUEqOGnw1mEFLM:M5u3AzTNmnZOw1Pw
MD5:521341984AC4BE721083C8F1B2D31603
SHA1:2DBD7281FEC21292618EEE0B159F7E42461AAE41
SHA-256:167037247AD867821C760467D0F4CE6697C12908E8819972001A3E6F59432E3E
SHA-512:41F64BDD814CFF9C49CA5B8E7DE08515013ABB581DDFFE058F62D981EA346C0CE5CBE388C7358230D94E53F5082093EA6EABCA5CCE39B849AA1B00F000DEE5AE
Malicious:false
Preview:gA..x1..R.[...]>......x.h=7\D.jk.[.......A...=...E.....{Y.....n....-P..`.9.%v..O.X.....?.h.C%...{!.).1f....oB.e..~.,...~.}..OYLB...[J.\.J.x.../.`JO:YlEI.W.L..&..Z88..U.l[D..9.F...].A.....0........q.b.a..Ozk.0..YX.zt...D..:(T.t.X..v.a.@..>.[ #.O"..Ix....D..b...'/...J.G....+..I....b8.$.RF.J./.f..ReiV.g=Fn2n......K.d..}...m..TC.........8..V.X......#/....{.C._7.:.+.C.^..U.Z:...;pSf._......O.c............o..a.T.....9...v.(^....v<....D.Qj^..|s...Y.(.=...K.......}.Q......^.S.N?(6...U..'..^.G.{.)'...G.x.....H...MR...W2.H..F...5...v(e|...&.9p.....n.4......C..[...j.6.<lI.....P0..|L..Tz.....O..o.....ih^.CP..;u....eg..i..R....4hA..F... .(...S...;.v..........O0..:..}.f1u.f....A=.A...2....e.X.m#Z$x.....$>....gRI.4..:.g...}.d..X....n.{d.P..p.........%...FpW.8.+....lPs20.I....u.;........C.,..<.....".i....2.G7R.....?.j.........Z..L..|.B.."..W.?...A2.`..N.;l......F....u..P....9...u...!S.*.V.O.....LM]}.....?..N.t.k.I)..N=...+..+.@...]..4.`.>.

C:\Users\user\Documents\UMMBDNEQBN\WKXEWIOTXI.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.745993724833707
Encrypted:false
SSDEEP:48:/S7NVCN3l9Zm7Mxbce5Eda2/NnZoiUEqOGnw1mEFLM:/SBVMY7HNnZOw1Pw
MD5:14AF2DCDECA4D5326573945251060ED0
SHA1:BB1FDACDB1E645020AB9FD040E647CA698693CF5
SHA-256:4A34159A7D0AC34713849BB0D5B59AA18E4ED054B2156D49DF8626ED8804D56A
SHA-512:00AB7705E6A35D540B313FAFFA78E0A96BD1743C1352395407D46123470DA518DC10EB5932D2C4F9AFB11550DDED534E8824CFBE89C704C5B4B65B2F42F2BF2F
Malicious:false
Preview:gA..x1..R.[...]....^..m...R.7%...L.j.u..=OC-..;..@.....Y|.].. f....PU.(..w.mTE+..F...NI...|.(.DWoj.......... 5..u.y7.r....=.kj..R_...V'...<'u/..\/.s..>.#.....S.Y.tHX/...U=...|Ub].i}k.N..$...d.....p.l.|h.N..|.."..B...2.........B.xM...iF...eN..."W.&....2..#1....K_5\.]J.7L.....1...~...rF.$..W...'W.\..8.[....{e..}+...k.%. M..p.....qb...W...%...#g.$g.]..KS.E.W.n..b1..0.....w-......_n...r...5.w4C6&k....5\..7......U..E.3E.6N....u...v..[.H.!v......:..q.{..4..6..u...9.....Q.#...Y..E!4.G[mA@..S.....m.....*......bPB..1.N.>..[...t......Z...,...o9.../..x.....>..-3p..v.+.-x.@8}..4.'wU9.g.g."....q..&..|.?.....P.[.....!)5...J....{T...UA.g.@.`..C.7..T,....,.....(....1..1.>......h.i.KC.)R@wF...../2.Z#.,.]..G...=.C].j..<X.O`.c.Z+.......a.p.x.-('...n.Kx...%..#Z.!.+@.T.d.....++?xC.<..+b*.cc..\.V....8*`.w....U.i....$.5.U...!.*.a...6.R$.mK.3.&M..oo.u..A.k.....-..U.0.:S...g@N9..%...3pv....T}.8..w...F5....7fW.P..v...$.tNY1..Le1...X.....T.i...\jNk.G..#.0.q.J..

C:\Users\user\Documents\UOOJJOZIRH.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.776046320148664
Encrypted:false
SSDEEP:48:MD5EN3dWzzXD5VZmNnZoiUEqOGnw1mEFLM:M5u3AzTNmnZOw1Pw
MD5:521341984AC4BE721083C8F1B2D31603
SHA1:2DBD7281FEC21292618EEE0B159F7E42461AAE41
SHA-256:167037247AD867821C760467D0F4CE6697C12908E8819972001A3E6F59432E3E
SHA-512:41F64BDD814CFF9C49CA5B8E7DE08515013ABB581DDFFE058F62D981EA346C0CE5CBE388C7358230D94E53F5082093EA6EABCA5CCE39B849AA1B00F000DEE5AE
Malicious:false
Preview:gA..x1..R.[...]>......x.h=7\D.jk.[.......A...=...E.....{Y.....n....-P..`.9.%v..O.X.....?.h.C%...{!.).1f....oB.e..~.,...~.}..OYLB...[J.\.J.x.../.`JO:YlEI.W.L..&..Z88..U.l[D..9.F...].A.....0........q.b.a..Ozk.0..YX.zt...D..:(T.t.X..v.a.@..>.[ #.O"..Ix....D..b...'/...J.G....+..I....b8.$.RF.J./.f..ReiV.g=Fn2n......K.d..}...m..TC.........8..V.X......#/....{.C._7.:.+.C.^..U.Z:...;pSf._......O.c............o..a.T.....9...v.(^....v<....D.Qj^..|s...Y.(.=...K.......}.Q......^.S.N?(6...U..'..^.G.{.)'...G.x.....H...MR...W2.H..F...5...v(e|...&.9p.....n.4......C..[...j.6.<lI.....P0..|L..Tz.....O..o.....ih^.CP..;u....eg..i..R....4hA..F... .(...S...;.v..........O0..:..}.f1u.f....A=.A...2....e.X.m#Z$x.....$>....gRI.4..:.g...}.d..X....n.{d.P..p.........%...FpW.8.+....lPs20.I....u.;........C.,..<.....".i....2.G7R.....?.j.........Z..L..|.B.."..W.?...A2.`..N.;l......F....u..P....9...u...!S.*.V.O.....LM]}.....?..N.t.k.I)..N=...+..+.@...]..4.`.>.

C:\Users\user\Documents\VLZDGUKUTZ.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.784494256000039
Encrypted:false
SSDEEP:48:UWpq8d2N29yx5M79ajw0f20lZP0uU6Q7dHkF/f+rWUU8IDqo4caQZFh:UW1d2N2gxm79aj7f2OZP0oQGgXU5qo4Y
MD5:82956F37485B116DCB99C87A181AEF52
SHA1:7A07DD239AD5B0C388450F5A66FF7CB0FBEBF9D5
SHA-256:DA549BCFCA02E86300E6E128D1A75075789A39D62E13C7DA6A24B0D0083496BA
SHA-512:AAAF847C1CB18F9E54F7FE522365E2885112790AA9F985D32CD20C14BEC92B824BDAAB203E3841B8CE0AE21B329304467670571087D02F3F1EA60D307ED5659A
Malicious:false
Preview:j....:g....U.[......-.[.P.[[....X.9aD.(r.\x...f.........hv.8.@.2.Ryp ....MR.........V3.T..u.Y.{l..5Q.ru.....V....U...X........H1.....&.....x..i..`X:...H....30..v-.....X...........|u....d..~R@W..:....,.h!.;......O..../...2.h.9M$Qv6d./,..Q.........#.'...(c..K.'........,.J....k.......D...:...A.'...#..s.xE....soEm..eu.P.}.AE......4..k.6....p..=3M...>....4.......E.G.....M 2...Q..|q....t....}..y8;.R.&M..!..g\.5..^...2h...b6..O...%.4.lq....&.....F...s_...MC..o..T.`U.V._...|.......UI..u..*....F.... 0..:.D...(t..%.{..w...........,8...&..1.6..kF....../..6!G....]{G...5..(H../.d..V/..............-.k...K..z...QS....,dm...L...`.....q.]Kx,o..e....:..1..E...........r. [.......\..Ds..i..U6......=.T.F....XBWQ.....+..xC...^Gy.I..Ys`.cU..l&./.`..7.:f...J.....?....h.&..C=n...z.S..y.U.Q..^6../....K.4.j......}4.c..*.=...O..:...>x...kt.....MH&....).....$...p../b..;...U..u......j.J]wN>.....5...Q....K7T.F3.~...d@[..Dr.iJ?..b.}..{..0......F.$.<?o0..Du......Nq+.

C:\Users\user\Documents\VLZDGUKUTZ.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.784494256000039
Encrypted:false
SSDEEP:48:UWpq8d2N29yx5M79ajw0f20lZP0uU6Q7dHkF/f+rWUU8IDqo4caQZFh:UW1d2N2gxm79aj7f2OZP0oQGgXU5qo4Y
MD5:82956F37485B116DCB99C87A181AEF52
SHA1:7A07DD239AD5B0C388450F5A66FF7CB0FBEBF9D5
SHA-256:DA549BCFCA02E86300E6E128D1A75075789A39D62E13C7DA6A24B0D0083496BA
SHA-512:AAAF847C1CB18F9E54F7FE522365E2885112790AA9F985D32CD20C14BEC92B824BDAAB203E3841B8CE0AE21B329304467670571087D02F3F1EA60D307ED5659A
Malicious:false
Preview:j....:g....U.[......-.[.P.[[....X.9aD.(r.\x...f.........hv.8.@.2.Ryp ....MR.........V3.T..u.Y.{l..5Q.ru.....V....U...X........H1.....&.....x..i..`X:...H....30..v-.....X...........|u....d..~R@W..:....,.h!.;......O..../...2.h.9M$Qv6d./,..Q.........#.'...(c..K.'........,.J....k.......D...:...A.'...#..s.xE....soEm..eu.P.}.AE......4..k.6....p..=3M...>....4.......E.G.....M 2...Q..|q....t....}..y8;.R.&M..!..g\.5..^...2h...b6..O...%.4.lq....&.....F...s_...MC..o..T.`U.V._...|.......UI..u..*....F.... 0..:.D...(t..%.{..w...........,8...&..1.6..kF....../..6!G....]{G...5..(H../.d..V/..............-.k...K..z...QS....,dm...L...`.....q.]Kx,o..e....:..1..E...........r. [.......\..Ds..i..U6......=.T.F....XBWQ.....+..xC...^Gy.I..Ys`.cU..l&./.`..7.:f...J.....?....h.&..C=n...z.S..y.U.Q..^6../....K.4.j......}4.c..*.=...O..:...>x...kt.....MH&....).....$...p../b..;...U..u......j.J]wN>.....5...Q....K7T.F3.~...d@[..Dr.iJ?..b.}..{..0......F.$.<?o0..Du......Nq+.

C:\Users\user\Documents\VLZDGUKUTZ\FENIVHOIKN.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.790762936725624
Encrypted:false
SSDEEP:48:kbKZnRfVq3rQ/u/fUrBuiQv3g0uU6Q7dHkF/f+rWUU8IDqo4caQZFh:3fQrQgsrBuisQ0oQGgXU5qo452h
MD5:FE6A20CBA565AE63181653E51F038B89
SHA1:E15B17C52F0E6301D7813047166D700D3CC0CD2C
SHA-256:B2A5706F3AF96C838ECE779E45BFEB358BB18B4C7FD16ECA746748DDC3E2C878
SHA-512:0B10104D28A040B78167E1931F338F04C79085352F703408813B3786FF02C1AED5F01E0C0E40C63A5B2AA7B7B59B6A77A8B41FC09C0F04902D82E5CD44A0D980
Malicious:false
Preview:j....:g....U.[c{.,S_..9(.....6Z..(!..6u..k.7F,.."..{.{.W..vK.[..N..Vk.A...?$......._...2......G...Q(......h+;d....L/.z.._?|....w..Q......F....W.?.;.y%+..G.....;..Q0..<T M..f"M"$.3\..G..Tr*N...R..\y.n.....;..w...(.J.x.....u.........Z:7._t\......mQ.|...s..t......1..P.~/...}........J..+.....w...]...e...CR....|..6xZ.B.,....+.[..@.)bP.'..b.oM=O....o...E.].h.w/..R%R...j\2z...K...A..\....K..."u0!o....Z..*.jT....f..8O..+Br.o.c.`>.!*.w.{.|. ..[........V..-S....h..b...{:.p...P>...&<..qL.I.....?..L..ie.V...E.,a.h.. <.I.........r..[...V.......v...`r.`...H...M.....l(...E.k....:=.B....S.>.lao.].#....qY......<.|X..\V.{...\.....V...F..t.|.y....k4.tM.......|yD.@.A....@C.0..$F..k.+R.R.1....qH.>._..7........c.<.....w..Ba...M....%M.YQ.....$.C.S.. 8.....e...&}....$F..H..&.=......fH.......Q.",_O.#\o....w.s.@..Py}..l.<7.r.k..gI.Z....T.D._....."....... E...R.'4.c..."..P.8.....&....J.t<..4..,R..}{<..e...H.b.n...>..J..+..V..<2.\.e.#......U&.=..C...0.(.......@

C:\Users\user\Documents\VLZDGUKUTZ\HTAGVDFUIE.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.778884613528968
Encrypted:false
SSDEEP:48:uJ4w+pCAJ7UzLkCVhh0KzX0uU6Q7dHkF/f+rWUU8IDqo4caQZFh:oxQCA+3Th/zX0oQGgXU5qo452h
MD5:193BDA6ED77471A70E7953659AA75F09
SHA1:D659251F29B933FA2160EAE489AEE63BD724DE11
SHA-256:91A76C8AF11F0D9A5C39CA33FA57207968D1E3DD0E814A00BE8B92E181F3E032
SHA-512:1B825E6E6FC431AAE5D75550206860449A7075A9A33AFF46F3AD1B0E8674790785AC8F0798C89CCA6F7E542D4124BE75DD00442EC97576920C344E4E932E91CC
Malicious:false
Preview:j....:g....U.[7l.......~.7 S..n.....c.dj......w......"E.P.5.....Y....3.....M..D...."F.%.&y...K.L...h.:;..?g(...L.....t...g._...x.4\\|.^I...Y.w..P..v...5. .4.......C....2c......HRY......@i8..J. .w.F..,..{2].......k.=....U....o.......57..F.p.~C:}....V...Q.h...y../...L...x{.-%...%._.e...D....`:....|...OY.y...\..0......w.U.+.h.s..*..|'.^".:Z.J>x.~.x.....*,..,.p.<..H.lb....lc........NNGK.....i...!..}%U..7..>...He.S.....#.J?. .-c?.....dE[z..{U.>.G.Sr.I.=$>.......jm.;A./H.&.6.G...).`k.r....c..3.(.V...G8...5....<.UQ........'..1..&>N..a.4~#.S..n......."3..*n:.^....X.y.T..?]...d-I..#./.X==..w..cc.qK......1b.....B..T..OOm.Fw...R.I......H.s.j....S8./.b.[P...q3.R....UJ...8...$.".....= ..u...6..<~s._.e......nT.`.......{o..Q.O......z..GQ"B...A.c.4....z+=.yB?.u..........."vd....G.q.I....+.q..s..f..lf.j..#......s..*....;r=..Ew...B.{.\.P|U.R.\<]i..0..4.....u.3.%..u.l...[.B...MysWM...|.H)p.a:.j,Z................c...T..0..!D...1X_.O EO.K....Y`k.2...!.8.*..

C:\Users\user\Documents\VLZDGUKUTZ\KZWFNRXYKI.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.749037073656452
Encrypted:false
SSDEEP:48:oZdbmbqxlq50QBFtIqljaFO34U0uU6Q7dHkF/f+rWUU8IDqo4caQZFh:KdKboq+QTSXF/U0oQGgXU5qo452h
MD5:F33071176622B46152F96A5B61AC809F
SHA1:BF39BE1064AC34D29D3CE731D58B7D2922C21C22
SHA-256:0532442658155D30FA9E24AB11C4DAC0D19D379F468CC7FB6F0DC712EC9DA08D
SHA-512:2C27C79F16B04C052BDB4A2A3503E7A6EDDD01DE1F365DE272C6302A6A0D3F6887B257E3AEDE283D2B9F0B423C77F557453719E44BB574D67029237566170251
Malicious:false
Preview:j....:g....U.[..D]..Flf<^M.;S.....".....~0!.X.....{k.........4T.7i..7..V,.3...i.8....K."...^.......ro;.W.H.{..5.}..z.......2...p.K........ ......7..:.......v.O.|t..1Z>...m.`....C.....].m...z......i..n;.j....B..t.:!Ln..v ..up.|;.4 .A..l..l;>...8.~.i......Z....{o....#..Z(.8..,.....M....\Hb..\.......c^.L.2.GR.nC.<..S}.\.\...fX......*e..`.^$.\..I......)]V..TM.B.j..uAsc.......>..z..#.......|.{.X.`...c...;..u.K.l..n;b>r......y|g.tQ]..j.;.B.u.PQB...}.O..O.....~6.i.z.OKc.u...S.i.^I...P...".5B....<.,LRX!.....8.c...e.e.G.D......Y...D.......\kf...PW.00...8....-.V.Ge.i......6...*.X..^m......e}.&0....)..iy...e.oYm..0..r.^v.DX.-.)9...9U...........xv%.n6S.Y(.9i.&....:,.N;..q*...2.&y..k..=BI<..e...4R[.#.`5..-*..e{.../..J.Q.E.l.s.$.....S*.C.6u.:c:......O[....s.7%WGso..beu.7rf....x^I*.d..!..su{osn.:..Lgw....d^_W....A.h..j...`$H..k.T...J7v.?;..(...L<o.A..^v5q......+..o..........+...<..+..)Q..V.{.x./.b.A.nq.}p...l......go..(<dJ..a B..-.............w

C:\Users\user\Documents\VLZDGUKUTZ\NIKHQAIQAU.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.7349051027944
Encrypted:false
SSDEEP:48:9HIA55ZxFzVCgtgPawK7JYy0uU6Q7dHkF/f+rWUU8IDqo4caQZFh:FnFz5t+y7Jz0oQGgXU5qo452h
MD5:C0CD7CB541C8E652CCC7D5D4096AF2CD
SHA1:B0EE1A67B9C502B1BE7E800696ED321858505069
SHA-256:C796E58197EA325760A0F740DD4A77D540565BF3ECC3C135325DFEF3ADB10CDA
SHA-512:E565FC367B6FECC7ACA05B3CDA39D13D093A2F928F3ABF10C8CF8CCA4FD4A0CA5A2DDFFFF82DEC87E968839BA36BBBEB6D4C78FDA2A1E04D55B36FDCAC7DFD0E
Malicious:false
Preview:j....:g....U.[...0:.e.F#7.f."..^..U`D...#oc....Y.o....."X`.xp.."...ER./[....wH.....7=.................066M.......S..KB.:{.~.R.#...v..Q.W..4W.1..hb[..-..".<.b...1.x.C.96.C....(.>Sh.&.sR&.X.m..`A..?B......K_..].|...*..&.......\..Y3.......J.i.:....]i....9<....5..2OZW?...@.a...[..*.....g..UAC..f.}...%.;..[.}.I.A...8..tN.....6..9?.wSY..l...S..w5.=...|k.kez-4...bL..*.x%...~.7..c.r9j..../..........u.~0..7.3.....d...F...Fs..V.c..P...{....E....".I3$.Fb=....x...o.)..q.B+...a.x...X......6..o..3..0....LzM...tv..2..W....S.L.......}...*.....Y.D..#.....b.}...O....S......I9..j.......W.....mu1P.V.h.E....}.x..it.aJ.&.96.y.U..`....d.y....Y>..EO8+..Kd...~<.$./,.xZP.-.........2\.H.z..$.s.....+..k.?.&....om.[a...<..8.`.... .v*....'..f.!<.P..=.<....s.q2.....6..M. .,Y..v.\.+.5......>..M.X._.C..D....0...:f..U.=..i0o..K.O2..fx....$.iVX..*{.;%....p\e...ea.`..g.x...N.erw(.a..(...&.IR@....................G...N.[.`...8+.t;........yIN].a.U....8t7.v.W.t].9..QBg

C:\Users\user\Documents\VLZDGUKUTZ\NWTVCDUMOB.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.7494720657939435
Encrypted:false
SSDEEP:48:Q/X5AVlEPhRemmT+pP5AWEbwXTi0uU6Q7dHkF/f+rWUU8IDqo4caQZFh:Q/XGVlE5LpPKMXO0oQGgXU5qo452h
MD5:08DDC3057994FF1C6377FA6D3ED5B37E
SHA1:FA5FA8C80A63CA80246EE82C9E1C11692F9804BF
SHA-256:F664E8CA401B1D6BBEA2B277DF96ACF0720DB62151DF5A25E5EAD3F9C2A11B1F
SHA-512:8BD0C8712B95504E9C520B3819F7E355A0B805EF5B3947D4F1C75CBBBFD5CCEA82086195A85B3D95F37A783EBDF1A19E89AB4F4DF710BE17318522BFAF0AFBB5
Malicious:false
Preview:j....:g....U.[..^NiCY..p..@.w...:.....\FX...!I)k. ..P.l..p....G....f....fi\)i.....j.0.dH._.~..?e..K.!.Y..|...tp{.'.tE...{V....O......x.a......=.....\.tvP+*2.......Q....)l.d0w.r.+.7........D.>:?....).G..\......H..&..@.fVi.;+."a..d.nPlT.&uF.SP....tP...\...P..=......$..$...f........aZ...H...Q.m..V&...UuXp{.}.N2.Y.......R...}.Y.9.MU..........n..r1F'ye.i..(....+.w..1].v*..gN..^......M.m.K....p...P.j..,+.}.L.,.....}&1.../.n.86..3f.3.\.......D5.;T..>.t..........O)V.......y6;..f...|.M..... .h.%N>.!..0H...G.)......YS.=".X:%.....1$..j..4.xs/B.@N.*.L.......qL..;v.!.9b....h.8Uu..+.m.uG.x.....N.l.[...].{..::4\..<...{...tf.`.d...M.?y+..9i.m.|.Kf.ir..^.Ia...J.2.'..F.....R&................7.".}.*...|..{....%......+...4\\p..!.t..J..3.;Vg?.x."..|b.,.....7V..w^.4.\...K.`..+4o......L.n....q.KS7.X.4$........$.E..5.{&NY.....2...(."STyXW...yU%...:....|39g....[lF....d#0.....t.!.<r|Ri.S....=.....$....:n%'.9.....!..C.Tk.J...c.vd......`..s.F......../....e8".U7..l.n.).....Gs..7,z

C:\Users\user\Documents\VLZDGUKUTZ\VLZDGUKUTZ.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.784494256000039
Encrypted:false
SSDEEP:48:UWpq8d2N29yx5M79ajw0f20lZP0uU6Q7dHkF/f+rWUU8IDqo4caQZFh:UW1d2N2gxm79aj7f2OZP0oQGgXU5qo4Y
MD5:82956F37485B116DCB99C87A181AEF52
SHA1:7A07DD239AD5B0C388450F5A66FF7CB0FBEBF9D5
SHA-256:DA549BCFCA02E86300E6E128D1A75075789A39D62E13C7DA6A24B0D0083496BA
SHA-512:AAAF847C1CB18F9E54F7FE522365E2885112790AA9F985D32CD20C14BEC92B824BDAAB203E3841B8CE0AE21B329304467670571087D02F3F1EA60D307ED5659A
Malicious:false
Preview:j....:g....U.[......-.[.P.[[....X.9aD.(r.\x...f.........hv.8.@.2.Ryp ....MR.........V3.T..u.Y.{l..5Q.ru.....V....U...X........H1.....&.....x..i..`X:...H....30..v-.....X...........|u....d..~R@W..:....,.h!.;......O..../...2.h.9M$Qv6d./,..Q.........#.'...(c..K.'........,.J....k.......D...:...A.'...#..s.xE....soEm..eu.P.}.AE......4..k.6....p..=3M...>....4.......E.G.....M 2...Q..|q....t....}..y8;.R.&M..!..g\.5..^...2h...b6..O...%.4.lq....&.....F...s_...MC..o..T.`U.V._...|.......UI..u..*....F.... 0..:.D...(t..%.{..w...........,8...&..1.6..kF....../..6!G....]{G...5..(H../.d..V/..............-.k...K..z...QS....,dm...L...`.....q.]Kx,o..e....:..1..E...........r. [.......\..Ds..i..U6......=.T.F....XBWQ.....+..xC...^Gy.I..Ys`.cU..l&./.`..7.:f...J.....?....h.&..C=n...z.S..y.U.Q..^6../....K.4.j......}4.c..*.=...O..:...>x...kt.....MH&....).....$...p../b..;...U..u......j.J]wN>.....5...Q....K7T.F3.~...d@[..Dr.iJ?..b.}..{..0......F.$.<?o0..Du......Nq+.

C:\Users\user\Documents\WKXEWIOTXI.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.786432575791565
Encrypted:false
SSDEEP:48:rIE5pkw2N3Oon1ebbK+YhPez0uU6Q7dHkF/f+rWUU8IDqo4caQZFh:lPkwM+Yy0oQGgXU5qo452h
MD5:A8A94D6F1C8E8270A6355E9E526D356A
SHA1:7F0E2C339E4A3F81CE297F05C4FBD12185C18813
SHA-256:DD154AF74E6A9C1C06F80EA92AF021788D33BB1C19D28B38B2CCB3B5D82B3F41
SHA-512:1EB521E0DDCAB2DCE82E801DB301057F90AEE8146898FA91D5F3423F229713E95F3EB4563873E967C79437E7654E198B92A25C38DD034E89AB52096C6412D948
Malicious:false
Preview:j....:g....U.[.....J..`.`.]}u8.@...jHyi... ..q..xHk.Qv.T..i..\.z,.....?.l..J`..'#3...R....Wm...6.FP...L..#.$.;....5G..J..^..#[.....f.5......._|.T.J.....Zk.=[?x`..C..,..G......`...P..b...%;..1.+W.....(..to...O.*_0...qkYz..=[...?u.^.........=f.}..'....U...:.....).m.</M....".A{{.j..X0.a...1~.Q..1.!..4.)P...R..R./.v.$J...*9.:.2..Qu...KE1.......mv..'.v..p..LV..3.....K\U..@..J[...2....V...)h...g.!j..u..ze_p..U#.X...*....l..#.....-X\:.U.5..jS....". w.}I<..v.n.A......UNkP..../:. 5.QZtn...q%..`..VO..?P...|^.....=.Y...u..fG].f!A...mT.N...g..d...<'%.Q6....I..m.@...|.k..s.W],.........`q....]...j..E..-....m$./8...v.C....F~.e/K..4.O.U..+n.c...XX.R.....6..(_..7s.8I./....,...;.j.....y#.....51..R.3...S......asuL.........N...I.....f....].}.M..G.XW.}/.,..Fg'..h..Z...........c5'0#5........yc ....J...6.....Z...2y..g...*.,.....*EFz.M.%..'..{...;.v".\.#..2<xP.lj...(....&I[a.s.E`.m%...Dn..:FH._.Q.....+...^..f[..j....~.#l....e2.....KB.p....p...`.g..y...l..*

C:\Users\user\Documents\WUTJSCBCFX.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.758192238504359
Encrypted:false
SSDEEP:48:U7DBGckeTRR4XNs3+M0uU6Q7dHkF/f+rWUU8IDqo4caQZFh:elG6RRQaL0oQGgXU5qo452h
MD5:70A397374BDCFF7D8F0FCBE6F8891850
SHA1:F074FCE8EDB54197F4E309862D27E95C03D6B034
SHA-256:CD75191F0C2F5525059876FFBA57BDF4B1E599B6D13FEB6360DBD494F89A8793
SHA-512:1F5BAE33293D7EDE0168E16E0EB5BA9E978AA410D065AF7A59E8575E4DA451C86551E2DC579BD42A4EBD1FFA80C628DE9C448F84BFB45154D5806345196E38AE
Malicious:false
Preview:j....:g....U.[..$...F.B..&.G...'.$.U)........E...ap1H...0.....ft.X.]Y.T...p.+.)#.r..cZ8.*....6...q.1..Y..../.......>..4.%E..r..h...p...V...d.o.2..C4.-.O........d...q...*...k.1.J............R.0Sw...k..Q.cG....9...)....,#w...;0r..CY_z..)...........".2.H..rD...4..k.Z:u-n.=8...........".........;....o"ZS9..H.V.f..Ij..k.......2......v~$.B.A..0.!P.J6Z..o..4.y%....`..J......Y."...%..>....)\....|<x....5.......oM:....c.....].....sv?.o..g..Ei....np.c.....x.v..5fY.Sn.fVN...o6.X(f...nX..i.a.,...Y$PD.%<..Z.~../..w5..+.,69$u.?............%....V..c..JM>"H..M............(.%.(.O2..:T..A...+.f@..\...=|..!.!3.s/%.*..{....&h......}.).r-^..G....n//.@Ji..x.%../...]..qn...]f..q/. ?n)..^.A..Z<......;i..E.Z.i..+.j.....>B........$$.' 5tV..?$...D..X..SN.....{.E....3OY..x[R;...`..Z.G.A..Z.i..}..6....{.OZ...xQB..S%K......)].......L.Kw6Om..../=..;..7........x.X~j.[..cR.......[.:{&.$.rp">.0.....Z....~.KF._N].z.......s.-..g.B....i..d.gF.9...7.Y.i1..4)_..N..2.....}K.

C:\Users\user\Documents\XZXHAVGRAG\HTAGVDFUIE.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.778884613528968
Encrypted:false
SSDEEP:48:uJ4w+pCAJ7UzLkCVhh0KzX0uU6Q7dHkF/f+rWUU8IDqo4caQZFh:oxQCA+3Th/zX0oQGgXU5qo452h
MD5:193BDA6ED77471A70E7953659AA75F09
SHA1:D659251F29B933FA2160EAE489AEE63BD724DE11
SHA-256:91A76C8AF11F0D9A5C39CA33FA57207968D1E3DD0E814A00BE8B92E181F3E032
SHA-512:1B825E6E6FC431AAE5D75550206860449A7075A9A33AFF46F3AD1B0E8674790785AC8F0798C89CCA6F7E542D4124BE75DD00442EC97576920C344E4E932E91CC
Malicious:false
Preview:j....:g....U.[7l.......~.7 S..n.....c.dj......w......"E.P.5.....Y....3.....M..D...."F.%.&y...K.L...h.:;..?g(...L.....t...g._...x.4\\|.^I...Y.w..P..v...5. .4.......C....2c......HRY......@i8..J. .w.F..,..{2].......k.=....U....o.......57..F.p.~C:}....V...Q.h...y../...L...x{.-%...%._.e...D....`:....|...OY.y...\..0......w.U.+.h.s..*..|'.^".:Z.J>x.~.x.....*,..,.p.<..H.lb....lc........NNGK.....i...!..}%U..7..>...He.S.....#.J?. .-c?.....dE[z..{U.>.G.Sr.I.=$>.......jm.;A./H.&.6.G...).`k.r....c..3.(.V...G8...5....<.UQ........'..1..&>N..a.4~#.S..n......."3..*n:.^....X.y.T..?]...d-I..#./.X==..w..cc.qK......1b.....B..T..OOm.Fw...R.I......H.s.j....S8./.b.[P...q3.R....UJ...8...$.".....= ..u...6..<~s._.e......nT.`.......{o..Q.O......z..GQ"B...A.c.4....z+=.yB?.u..........."vd....G.q.I....+.q..s..f..lf.j..#......s..*....;r=..Ew...B.{.\.P|U.R.\<]i..0..4.....u.3.%..u.l...[.B...MysWM...|.H)p.a:.j,Z................c...T..0..!D...1X_.O EO.K....Y`k.2...!.8.*..

C:\Users\user\Documents\XZXHAVGRAG\KATAXZVCPS.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.760590877235607
Encrypted:false
SSDEEP:48:nlnjkRPZZp3DUoD74VnjbK0uU6Q7dHkF/f+rWUU8IDqo4caQZFh:VYZBDtDuj20oQGgXU5qo452h
MD5:169243A6B872E8147763E5620F5A12CB
SHA1:51D854481ABEFEE6F5FA21E02685E1A8441FFB87
SHA-256:2894E23EE44CEF23C37E6610F9DC153263C698B7BDEB113F8C44245F1DECE198
SHA-512:1B4502444D4E40E6D38C2D41ACB436ADA0E66135D62D670C2269D8252DEA63F9906C88835EA34BAAAA7CB6282EA7A4863E92AAA45B2ED82F09313908D7CE7257
Malicious:false
Preview:j....:g....U.[...._.{.0.[.d......A.>*........d.......G.|.H......=..*.....[..BF..5xv.T.^.V..%.rv}.Z.(.m9..e...e.z}..[....m.r.mA..f9T...t...`.D....v.h4..)0tvH... r?...@*|4..CG....*.......zv..(....T..E....H........<&..f.K(.U..B%.V.*..u0..f ..C.....!O.....v.C.=X......[V:<...yaI....p..@D..i...W.t.E..$..R...7t. ..m..M....... EJjQU....l#A..{.{o?.......$.3......AT.. .#.6...B4...E..)zEP.:O.......Q..j...(.h..,8...OP(.....O.../.w%........pAN*|l.V......w.R..DA_...@..|."J....o>S.3$. . P6....^?...Ws...q....R.A.!..N^F..e.w.....+D.z...x..8u.G...`&3\A.8..Y....E|.~..L..`..9..6H.xC....?.jH.^..o;...,e..bf:...<+v........y.*P.}...ovfC.~............w.+S.[...<.!L.S.%.(...W../..CHE.D.......|...3i.g....2...H.B.@..@.s.h..?Dw..!..Z...ZR.;...#\...4.......6E%%...).U.g.S..........V.TR....D.aR-.jc....uR.P4.p'.T.ZD.f.GA..%.q..~..G....2..--L .{..R...9O1w...G..t.>@T!..f.&..+..#i.z.J&...8.0.3..~.........k.r@.8Y..Z/..@.}..Q.z[6...X...<....F4..A..w{2V._.%U.(..a....t...x...

C:\Users\user\Documents\XZXHAVGRAG\ONBQCLYSPU.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.76492788529227
Encrypted:false
SSDEEP:48:2OTaLf7NR6Keo/ZPwV58dzkKj1amMu6M+3WGluQu+U/QvI89ztQp:1TaLzNRcohIV2YQA/3WGluQu+wQw8rM
MD5:B6A48F3474773ECF5CA1CFAB4EF61324
SHA1:5FE3BD2BB243ED5105669209806BE47D0FC6ADA0
SHA-256:5F228442E332BC4E43CE43212D5BEF0F2013943E71AABB7748A267E0A2D86C23
SHA-512:7B14C46E9EBB4ED176EEE6B3A2EB700202BBF157EE2098A717CE5E3C1A91748275C416E43A451F0F3A4CB60888389131D24147D981F3906422191B83F2C238F2
Malicious:false
Preview:m..._..m..w..8k..Z..%q...Q:|...&.....[..~.{6.v..d..QTt..KR].MsG.,...f.Z...h....hF......w6......#iqF..)3`.p%.@...M........|...o..;.........<.....j........+.x...U....eH.c..T...b.....'2.Ss|UpJ[cC.0d.IAB_..[.v.h.Q.....5..T...=..V...b..'..'\..W..EY.......ye.R*^..R..$iisv....".@C?!.s.o.....`.....Q..,.{w.b....`..v}..C....IG...L0.....@0..&...T?.N.F.B../..K....,..Q0.R..j..'.]h./....ju^Df..Y..)+.d..+.'E.5.)...p2...~)......&.]r&.6.xk.b.`.,Z....dlP{-..`O6\.p.........tyY...7a.IXb%v...._.....]n.C.....FQ<..H..P.........;..s.h..!..T.Li.7i.S.%..)%.[=..w1.$.4f0...c.FU....tiN.*...6.......S.w7..4ZPs...C.K...F..L\.sl.......rJxD.z.&.K......x.<..n.y.....,./U..Wn.|. ...v.T($q.Z .V...Gt`...-:5....D!...2...{."6&..U-..n..H.>..'....yj}W..l.....`.z.u)A&.-.{...r.R.G2f..ou.c.. `...{.3$..^..iX@W...O.e.......F..;i..F....W.@9L..N0X.1:L..*..x....ZY^.....J*.A<N.{G.G..B.........F.,.W..-[...$...p...a0c.z..7.........:..b..7x~.`J....7H..h..Y.os........A..G.,l.U..A...gc.PJ..r...x.i..y@

C:\Users\user\Documents\XZXHAVGRAG\UMMBDNEQBN.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.763877155905144
Encrypted:false
SSDEEP:48:hyhVc+v/+CU72G1nkMhZ9BAFM+3WGluQu+U/QvI89ztQp:uVoqcZtW/3WGluQu+wQw8rM
MD5:2B8F7ED79C3EDE405D51313AC9238D6B
SHA1:70DAF24AB8C77245C6A8943C7811F085478F8991
SHA-256:8476C4D7A42F9B7DC054AA3A5FB17A6322920F91E9B932D2998FDB16AF57F887
SHA-512:E185EEC719A677888BB6C9E33D43BECC2F1662DAC4F294D7F73F4743101E45829939658BE5439C8747118ECE42BAD1535976AE6DDF1672EF7E93E3BAC9A6665C
Malicious:false
Preview:m..._..m..w..8k....K..]....d.vd..G.1-..-.T_..9..W}Y....~..r.s6._i...C`....../$...w..?..S.V....W...?.1.7ot!Q ...3.Z.:..~1Sn..............L.._-.....I..97...E=jS.2Y....z.CJ..x_.S^C.&x.....PQ..V3j..v...F....]..i.f..o....p...I..j.^....(....!I|.........[.:r..F..r.rxc......[.m.....-._l..o.12l.O1..$....TnUha.a$.dN\{.....AG...|T.u.]..Vu...VPc..'4...5o....>).M..!;a...T.[.y......ZAg$.i$.E.$h.T..`M!=.7..Q....9;7a.|-.D.hn2.......+.].....0..xH..P..Q.}.pX1..q.M....N.L....u.=..a.Z.-.^....HJg S....@.%.(._.z.K...6...8.xjU...=...N-h.....Q.h...%......9n..x...\.1..n'...%..s.(.q..C.+.=....V{z.5"._3.<1....=.hQ.$..PH.....:d........<.(W.....`.-.W..H~S..E.G.b...!.`,..$..g....f.D.e=.8E.Os~.....e...]\....3..4i.JN.?O..g...M"...f.Wr.'&r.\-.....!B~...M..2.......8........S.e."A.S.....A.............j..X}....8.y]......D.H.Qi.}.>q.R.../.\)..*....p".6.1P.....V..:.a.S.L.<\...........&.7I}..m......]Kk..N..iJ..6..ZKb.D.......a.j..U.rfzs4.........hn....Jw#A..{{....B...z.

C:\Users\user\Documents\XZXHAVGRAG\VLZDGUKUTZ.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.760930242193539
Encrypted:false
SSDEEP:48:FzyU3Wgpg779xtdXhVo3XSM+3WGluQu+U/QvI89ztQp:AYzpQLrhVo3XS/3WGluQu+wQw8rM
MD5:713C5580675FE202FB7B6D5793FEB346
SHA1:D1C907C8AB85721B6AFB5C66B72F041954B066C1
SHA-256:C5E867197282BAA73CF421075AA95999D7C9289928CB4D63A4A72C92EA2B994A
SHA-512:D37E6500A971A591952036FC2C7B0A150EAE7D0666FEE9A17C92DBA82C3D144D6B2710688E255C5F255E8905900BBA315934DAE4EBD55F940494CD288E75C876
Malicious:false
Preview:m..._..m..w..8k...2"..................y..B.....u.d<4\.....&]XG0.,BC|.Y.ff..W....{~54....a..Q....:.`O`.m....)a.Vlu.h.DAy.gA..K....e .h.Z.x....|..]V.II.X.,|...b"p..Z.B.%.Dr-WS.z. ......\....@T.,M.z......1..Ci@...Y 2..n.j...EV9>0g.......,#x/KM.!.x&..R.;'.A...6.A...}.F...1\G.:eA.....zy...T..P.[p..........Z...-d..3.m..Q[..e.=...z.i.AX.k...m@......b.@O.....E..<..~t.+.....q.K.9.R.x.v.L...R.~...HZ.D../...k...W`d..?...=.)....s.UO.\[G2b.i#]..[.%%.e.a-d..wfx.......w..2.......z3r1+.....v.....?m.....IW0i...<.....S5.I.c!dZH.(.......9..Vv..Q.a.6:.o.....N....@.,... A..[..d......ZP9...gmt..b.O6.._$2.......h.,...wm...G)..r.RJ/0....*!i.....1......V....0.~.W.CX..S.F..E..no.&.PY..J.1{...D....Zy..n(L...J..]..C..S."..2...T.X..HE.1~.B....%!(..c...`.]wX... .....".........d.KQ..L.Q..g{....j..!.u.\...7...j.f.4...W.V........`k[y.x...X..I.Z.{FC.sY............E.....xY...$. f.......A.OAq+.D... ....Rf./.S.a<..o.C..QY.. ..N........s>k..Sj.....4..JW.n..?yx....B.T.z..o..\

C:\Users\user\Documents\XZXHAVGRAG\XZXHAVGRAG.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.759011531017875
Encrypted:false
SSDEEP:48:KgG1Eieeopr+9MUTTPMEm2NOPCn2+HM+3WGluQu+U/QvI89ztQp:KvKiBKmgHanH/3WGluQu+wQw8rM
MD5:1C3374A2919D86B08AF28F47352C7CE4
SHA1:916F0089A3BF8E55C61079AEB5AF5BC967286186
SHA-256:E14195202B3191BCE20A49E86419123B65E13134811ED3931B3515B3E3C51852
SHA-512:5546D96CDFFC732C83C8CDBCEC0403F6322735A86D1C908757B8D308687CD2D10A832F2D6D02BCC246FE8B26153317E4D47045A3E44070D8C8ACA631B27671D7
Malicious:false
Preview:m..._..m..w..8k.......w..W..&..~E!.g}..;r!..W.[.............(..Hc....@.......1WF$f..3.c.mg.}~'...*.=........B.....74(._#Y....aid2..mSd...Gd.Y..q;....7.b:.]...S*...m....89.S.$$..)R7g..~.3..[n.M.D..~M........eH....*...EIwjTxu...bne.f.2..........6.h....'&>z|.aS....]7f...g.H...l2.9....:gZ.'.:..~..eB./J.:....8.!.....X.(g.h|.....W\...r........Qp.....J`h.D.N..j._.r..1.m...Q..........u.K..v...$oo2........m6......;..k...........;Q"1}.^.$L..V.+.'p..#...|...;.V.=.....j.x..0..d...x...H.....]...s.w...}d+.!V\."..]p.=f.T...'T..ET....`K}.B+q..)..;.9..DS.H...1.=Z........(.6.\.f8+&..7.....C..u:lo Y@<3.0...&H.p.$zT.g...p.M..X4.Z)m.RK.n%.........04...Ph)8.Q..Qn....../..*.j...aZ>N[..Tv.Onq.....k.6T....J...I.R.+u.......T.=&9\.....$..GF'B_..pC......"F......k.x.[.J...*E.......@.1.....d:S..)........7.B.u..._.+_B.jG..l....%z.P.x.I....`.k."......X"....L..9.Y..t...&.k.....?|E.V..AqI%Q9v ...K...3+L....h.kO....+.p..^...?.t.......l.a.vT..........5.....:

C:\Users\user\Documents\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1468
Entropy (8bit):5.826213895837954
Encrypted:false
SSDEEP:24:fX9Lcn7rJdcfx2j48wkfz8zWUjiuEOcEVB81swS8QgzRF6S0MJivbPPV17A7xbAv:fXw7rK9tk5XacE41swS8QgzaMkvbFRAm
MD5:051EE2010509B0D81041167F32A26EEC
SHA1:9B45829656C462CCAA6DFB87F4184920E1ADE021
SHA-256:223E922FD9B5F6752ECBF068DB74BBA1A5C0FDCAB43C04827C37B761A286FD60
SHA-512:C19836E5CDA93FB7267F07944F5357A3CC71BE1EC91BE3225941D341256ABF3E80FB0A7702AE406479DA96AB5CF50B1DD3956E3DE12E393BD099BD5EE8573378
Malicious:false
Preview:d.p...].n5/1.W..].D..}.<...`..Evp......C.....c...uD.&...../X....e!....s...k,....2...c2.[.p.t..u...=.3.S<T<.z......{,h....;....!.l...=..^.J.Tu.....VFd..+.y&q .a.?.n=..3...U..i..\...m.Di...[oA.?.cq.&ec...w.F.Z..?.w#.u.=.M....U.<-...3......I........_>.....e...H;..Z...o...).../..j>...(...F..x.y....`Lw...Pf....@)..ZN.,.J.`..FzF%.f..H4bB.3.p...,....f-.J..q...-..4..-........#._..0...Xkq3.x..R..H.J|......"T...---*8+8*---25df5b12d8495ef460499e1e33206cfee93b8c710e0874dce2463c9eaf2e934c5fa1cdac172311ca25577fd54dde7857415b89ec4359060780bac02cec996febeb30e91e081f6e7f77861d32fb446341f6d33ea669fa8f77d796bcc7c3dfe9fbdd6104cfb108f7ce05aca84f6d1bdfaa0234924a6112fcc3d638642fef836494e72d7d3cf36bcf49c7f3ce905dc45421f5a3a2c88b408c74372505d802ac51cbe6dfa70e51cd599fc1af95345e855db5aa298057915d861c4e950db020416d7862c712c3fbb868184bd94585269b43be3500d574a89cbb84556c69e6aa3a2d356154dcbbfe24c86d4f1f5fd885a06acfa4f6decc1e4d387afcbe99b71625508225a6b912c56d067bcca5ed5e1979c1673f91bff1f70a7

C:\Users\user\Downloads\BPMLNOBVSB.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.734621720909464
Encrypted:false
SSDEEP:48:cTGbmnLeoon/M+3WGluQu+U/QvI89ztQp:cTmWeoa/3WGluQu+wQw8rM
MD5:EDA3712EFD999510706DBD4620E71553
SHA1:6EC96A225C6D6D352D04322F4B944F94E3974AA4
SHA-256:A2B4C3DF6BA931A5280FD8FF32EF23F20A4CFDFE1B89E0AD7EC101740D8635EE
SHA-512:6A0167C95B22E595922C8D4A357B8C7C178BB455D94E86985DB1A0950DBC773588BA0C8C9483E37F47DF4EF1FD9FDC0D05043E324CD5CD0B015E91E1067C9C48
Malicious:false
Preview:m..._..m..w..8k....>'.In.y...p....h.v..7T6.>~...E.2~e.]xn..n=..?N t...]O@^:2.... !..2.Y^...X......=....c^....V.d..H&.b..*............|t.5...Ifvs...n...9 ...X.kU1&V#..VGI..|...Qj....W.9XD.Tk.a.....P3....J)e>..........).......,..0i..7..[xE..W.....#i_t.~HJ7..%.eps(.......v.....18%<..:.<.3..[..3..-vB..i|.0..c.y.jEX.w...8.#m6.`^.Am...>.m\..q)...n5#~.X..~...&Q...,..4.?..?M.L.:#..G.;..# ..[^.}o.='....K..A.....5.\.c.RKp...'...my.....+./....."5@s...Q3.......Q[..aA.f.q...a$..5..h..]4T.!1E.........$.o...z|CC..us..+1..q.4..%.{...g........4;..{.S....G-I.I..z.j;.:~.K....e...~.B#2.7..=...O._`O.f3..I...c...m..*.w...m...b1.J..P2....... .a.X.fRr......8..')..v.j..5pb.r....w..`.h......'.S.C[....M..9v..6.+f.p..c...=W.}.N`z..4.R+eX..c..x..e.R........7.w.!.t..P.'.xn..6.\uT...W.~.m/......!..a.....]......w...C..1.\1.>.......u.<E....,..d'.U.U...T..H....W....XJ.....p.....[....Y y....O..9.e.....gG...t...zM.j....$u..AxX...VY........9T%.........[..._>a.=..X|.......@#..

C:\Users\user\Downloads\FENIVHOIKN.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.73300615793857
Encrypted:false
SSDEEP:48:aNFd3UP0xFI92uqAAF1YJOIlqM+3WGluQu+U/QvI89ztQp:eXxiouqAO1w+/3WGluQu+wQw8rM
MD5:895389C9107BBB0983EEE9A38F34F4D3
SHA1:C844B074C51C72F3ED789C788193A0944781582D
SHA-256:D2D36DD69AA2CEEB9DEDF176987A678953C70263D2C3DF90C456D146493E2C21
SHA-512:00473DF529A49CAD710DFB47F95E64E672849198458ABBA6FEF5E1DA8B7701FBCEFB6EF569261982A8C274333884E8349C3211C5BA4A3733F08F8B3F3A7F49EA
Malicious:false
Preview:m..._..m..w..8k...N....e).8&>X.............W].....9..H*..7..=`u~..........vS.[P.H...Z.g.Q..2..@...%..g...G..]j..G^.. 8....'WG...+...f..-..G..r..1...Z.C....d.^h3p....Z......S.Q....oM.A8.....J.a...o..`..H?.[..K.7.6:o...8.....4..q.r..^...5..eN...c.q2r.7.&/.?S.Uk]\.F..b.g..........m...,N.....,.c..uym.X..7.R.....u.#qX....8.T..C..k.M.3...3...X.8........].....0."...3I.>.E..<...`f.S.9..N.F..",u.gq.q.}.C....%.r.T.....s..02.!..S..D.............Jq.^...q...<.>@...'%...O..be+.....8.g.../..h9j....^...+.._>..P.^m...U_..:I.t.\..'.zV....~...F(.7 .Z..Qe..m....y9.a/k.bJ...ea.j.${...49...../.mP............2.5..n..h"J6... ...m.3..l..ap...I2XM...'...{..P...P.'7.o.#fB7..'.)....?..P@H,....N.W..U#K...3n2*d.T+.{......a..I.......Re...d.....z.T.. ..JY.$......}R-....7....T...................e..J%.ma.|..Zvd^-....[lJ6..q...F.NE.[&yt.....Vy.k=...S*.t.L/v......)a....U.*!....._.wl...y.9.j(.;.=.....Q...K.V..U.... >..2'..*D....8./1.D..6..C.....7...m..TT..s..Y....

C:\Users\user\Downloads\HTAGVDFUIE.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.73779564618558
Encrypted:false
SSDEEP:48:19SmPIbionfAdhEzLfMl/8+M+3WGluQu+U/QvI89ztQp:TSJfAdOHMlU+/3WGluQu+wQw8rM
MD5:27C98EB6A9A2F2F71B680F555A1005BB
SHA1:477B638F65439CD11A49253341FD319A3A2CB346
SHA-256:B7031EEF9E5821ACE158DD9C9B17F5194FE298332945C91C9946D357E052E7AB
SHA-512:8A0E570B6EB691D7620A211D985D33C2F2494F12E2318C058F0316D94C9152A446ADD6FA43D2BF711E7106850246241633AB2CB7586B136EBEC3B89D1B74CA53
Malicious:false
Preview:m..._..m..w..8k..g...}j.T%.!q].....;.b[.H..:.;!9Sg.\.u.G......k.R..#...'2?.K..$Z.0.!.X,.+.U.I.....xP`..T.l<....S....h#.i..1~bG..F.C*...V.8[.B.c...wn.u&J..y.I.B.TV.?gc^..._..s.w.W[...2.t...38......j.m....x....K..Y.H..1...A..i.R.<.......4...\...f....9Jai.)=9 J.b-."..m{....0....?._..,.d9<..%.0.I.~Q..[..7t....q%..U...g,...Cm.."..}U7+.t".e87.x.mg....l5.n......sb.......P.6HI..z.K.~Z....C....%1..o........G...a.6.....K\).=...PL...uT.G......&..;...iL.M....t...Q..7....-.N{h.,+...K....k.dr7O..u....^...k.9];=./..O(..3.m..e.{.?..;O....."........p..._|'9^....\.y^..4-.....}.|#.J.T...3.1..A.]T$.I...9`.?pb.y.&.v.>.+.FjJ.XY.\..n.q._.;.!u.;....*K'K...g..m.m...,K.o.a.J...a~je";3..db.R!...lj...e4.3........o!..@3.FmI.y...:..........e..D(.I....\..s..u........,..Md..a....#7c,$^...K.3.].G..k.......l9........[&.....].]d~....\.n....Zt.M5.E&.....xB....i...Vk....\...W.r.4....Y.41.....N.....v.../<...9....;....M(.......|e./?z..N.2c.s..R......@..F.-*.7...1.0'.&..r...,

C:\Users\user\Downloads\HTAGVDFUIE.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.73779564618558
Encrypted:false
SSDEEP:48:19SmPIbionfAdhEzLfMl/8+M+3WGluQu+U/QvI89ztQp:TSJfAdOHMlU+/3WGluQu+wQw8rM
MD5:27C98EB6A9A2F2F71B680F555A1005BB
SHA1:477B638F65439CD11A49253341FD319A3A2CB346
SHA-256:B7031EEF9E5821ACE158DD9C9B17F5194FE298332945C91C9946D357E052E7AB
SHA-512:8A0E570B6EB691D7620A211D985D33C2F2494F12E2318C058F0316D94C9152A446ADD6FA43D2BF711E7106850246241633AB2CB7586B136EBEC3B89D1B74CA53
Malicious:false
Preview:m..._..m..w..8k..g...}j.T%.!q].....;.b[.H..:.;!9Sg.\.u.G......k.R..#...'2?.K..$Z.0.!.X,.+.U.I.....xP`..T.l<....S....h#.i..1~bG..F.C*...V.8[.B.c...wn.u&J..y.I.B.TV.?gc^..._..s.w.W[...2.t...38......j.m....x....K..Y.H..1...A..i.R.<.......4...\...f....9Jai.)=9 J.b-."..m{....0....?._..,.d9<..%.0.I.~Q..[..7t....q%..U...g,...Cm.."..}U7+.t".e87.x.mg....l5.n......sb.......P.6HI..z.K.~Z....C....%1..o........G...a.6.....K\).=...PL...uT.G......&..;...iL.M....t...Q..7....-.N{h.,+...K....k.dr7O..u....^...k.9];=./..O(..3.m..e.{.?..;O....."........p..._|'9^....\.y^..4-.....}.|#.J.T...3.1..A.]T$.I...9`.?pb.y.&.v.>.+.FjJ.XY.\..n.q._.;.!u.;....*K'K...g..m.m...,K.o.a.J...a~je";3..db.R!...lj...e4.3........o!..@3.FmI.y...:..........e..D(.I....\..s..u........,..Md..a....#7c,$^...K.3.].G..k.......l9........[&.....].]d~....\.n....Zt.M5.E&.....xB....i...Vk....\...W.r.4....Y.41.....N.....v.../<...9....;....M(.......|e./?z..N.2c.s..R......@..F.-*.7...1.0'.&..r...,

C:\Users\user\Downloads\HTAGVDFUIE.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.73779564618558
Encrypted:false
SSDEEP:48:19SmPIbionfAdhEzLfMl/8+M+3WGluQu+U/QvI89ztQp:TSJfAdOHMlU+/3WGluQu+wQw8rM
MD5:27C98EB6A9A2F2F71B680F555A1005BB
SHA1:477B638F65439CD11A49253341FD319A3A2CB346
SHA-256:B7031EEF9E5821ACE158DD9C9B17F5194FE298332945C91C9946D357E052E7AB
SHA-512:8A0E570B6EB691D7620A211D985D33C2F2494F12E2318C058F0316D94C9152A446ADD6FA43D2BF711E7106850246241633AB2CB7586B136EBEC3B89D1B74CA53
Malicious:false
Preview:m..._..m..w..8k..g...}j.T%.!q].....;.b[.H..:.;!9Sg.\.u.G......k.R..#...'2?.K..$Z.0.!.X,.+.U.I.....xP`..T.l<....S....h#.i..1~bG..F.C*...V.8[.B.c...wn.u&J..y.I.B.TV.?gc^..._..s.w.W[...2.t...38......j.m....x....K..Y.H..1...A..i.R.<.......4...\...f....9Jai.)=9 J.b-."..m{....0....?._..,.d9<..%.0.I.~Q..[..7t....q%..U...g,...Cm.."..}U7+.t".e87.x.mg....l5.n......sb.......P.6HI..z.K.~Z....C....%1..o........G...a.6.....K\).=...PL...uT.G......&..;...iL.M....t...Q..7....-.N{h.,+...K....k.dr7O..u....^...k.9];=./..O(..3.m..e.{.?..;O....."........p..._|'9^....\.y^..4-.....}.|#.J.T...3.1..A.]T$.I...9`.?pb.y.&.v.>.+.FjJ.XY.\..n.q._.;.!u.;....*K'K...g..m.m...,K.o.a.J...a~je";3..db.R!...lj...e4.3........o!..@3.FmI.y...:..........e..D(.I....\..s..u........,..Md..a....#7c,$^...K.3.].G..k.......l9........[&.....].]d~....\.n....Zt.M5.E&.....xB....i...Vk....\...W.r.4....Y.41.....N.....v.../<...9....;....M(.......|e./?z..N.2c.s..R......@..F.-*.7...1.0'.&..r...,

C:\Users\user\Downloads\KATAXZVCPS.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.737024383663018
Encrypted:false
SSDEEP:48:usjMuKmck51SWpsRJrMRw1fRIA9zBxvM+3WGluQu+U/QvI89ztQp:uswILS9g2fRIW//3WGluQu+wQw8rM
MD5:C4CD20CA2CDCC657A58C2DF81EB4C364
SHA1:8E2AE01C6E8C711A0DA17B4CCE8897D85B0EAE30
SHA-256:0389CA49AE3CFEE1834EF0B2E42F096ED658945371F5C114621B3F2CBA0EBCE9
SHA-512:0598CC3B3ECE4EA49F7DB25AA00390052FE368CA7177A90CF812079A6F379E1F10DEE58AE61B4436F13171360DB37CE4B5220213E85A2CC8C09F3AD6103520A9
Malicious:false
Preview:m..._..m..w..8k..f...?h....<.iBv.-pG.62...-......'m..XK...H=F.....S'.3Y...,l\rp}.x..*.F............s.t..';......3.fL.5~W...i..).~.[.... .u`.%|....F.?.m...Cj...c.7......9F../...w.6f...1. *e...ib.....x.y...0WZ*3=....*...i.<7.Tl.mz..3..KO...8......v....<;;..M.L...........G.<..'y.Y.A.'S5x.r..a.3%=.......|.;,..n..>.uN..W...P<..6...i..P../..../.B..Q.....U.+'n.d...#.:.k. ...6o{......W.P.K,e8..p..q8..|C..x.z.6..q.B.X%.:.]..>..^...).W{.....r+..$.-.....n.8.k.'..d.....a......xwMQ.l~(?..x....:e...j....+&.&.......3h.j...M.(.....M.R.....'.]..{D..%.3..z...!Zd.b0..(/. ....d.;a....I.......H..Wv.2b..@....Be.K.....8...D.......4.....F..........?BK.!...:.x.......ABu..,..F!'w`..xNL.>$D......8..Zl.k...q$]........5\K.x4.c... ?.E.^.K...i..1..M.O/....`. "h.1-8.....9P....94.Z~.Z.f.<E.T..{.a..5L.'%..U...C...I...1.q(lY._..y....(.'N-....E7I/....A...9.`.,..\..}...C.7...,.8.f./.=.0.Q.{.....8.8.gM6....vjM..H|..bu.g(e.....[..vp.h,.m'b.=...8....h....:s../F..2..N$.o...!..t

C:\Users\user\Downloads\KZWFNRXYKI.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.768015776739963
Encrypted:false
SSDEEP:48:cUe8uC5+MH9H+U4vkMk/JLGoM+3WGluQu+U/QvI89ztQp:Q8RNHwUXdGo/3WGluQu+wQw8rM
MD5:AA6B8D6B034B4694B30A6A53CE6D8A5A
SHA1:50B55625D91A1C7C31C3E113C56FDECFAE3F674A
SHA-256:67D5EEB0B8379FCA4CA87781889012DD69887ABA59BB47F7B3F1A8D63496CE34
SHA-512:4CFBCF6607B7DD6A9B30343BF0416F3CF9A333863E5227D1102B91BEA9F2634A56149A95ED7E28089EC93A088EFA95EDC2674300A4B6819769904868888A37FD
Malicious:false
Preview:m..._..m..w..8k...7......3...^..hV}5.;...B..&BNz...r..k=%...RJ........@...q...*s.3..c..ym..^...o..O...y.~V.$1...,....f..8..rQ.o....M+..P.P..}.j.>.h7.T.....y..~...0.....W.]-..#...`.......R.W9.E.. ...G......wI..~iA.....5...K.e..7.'..O.........B...B.O......H*....O-z..Q...tj.."..i....t.e.}.....O.&..w.\@=@#.j...`.N..|.".Q...#&.[.V...... .....7..t .C..cn4.,.jR.."W$@.,.hm..,....Z_...(X...E.T^z....{J..g..,......!.W~>r..1..".RF.mN.}.%l.z.r\..yL....).....:.A.........J....zf..a.....A.*Q...K.$j.I...hp.FZg.............$t.O|e2}.3...Q..[..|..-....L..-.'k.C.......e......1....U.MRS...|.;@..{Qo.y.7.....]il.,...z.(dt..1,6v.Q.. ..}t.w.J...}FZfJr....}.g..-.h!.G.r..~.=..a.D.Kf.."......c4....1p.K..x..HM.}.y|+r...*G:K{s..D.$q. g..0...zlY...'...&..kB.z..pB3....K.i...Fv... .....X.v..H.l..v....0..e7.tqV.|..i..$.C.c.. ...Ch.....wV.%^Q.?....2....;<6..e.a..o.......iy...{!.U.......+ .V.....x\e$t(....3D[.`....gj]B2.).P?......!#....Jnw&..)....8.6.t.}.B..

C:\Users\user\Downloads\KZWFNRXYKI.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.768015776739963
Encrypted:false
SSDEEP:48:cUe8uC5+MH9H+U4vkMk/JLGoM+3WGluQu+U/QvI89ztQp:Q8RNHwUXdGo/3WGluQu+wQw8rM
MD5:AA6B8D6B034B4694B30A6A53CE6D8A5A
SHA1:50B55625D91A1C7C31C3E113C56FDECFAE3F674A
SHA-256:67D5EEB0B8379FCA4CA87781889012DD69887ABA59BB47F7B3F1A8D63496CE34
SHA-512:4CFBCF6607B7DD6A9B30343BF0416F3CF9A333863E5227D1102B91BEA9F2634A56149A95ED7E28089EC93A088EFA95EDC2674300A4B6819769904868888A37FD
Malicious:false
Preview:m..._..m..w..8k...7......3...^..hV}5.;...B..&BNz...r..k=%...RJ........@...q...*s.3..c..ym..^...o..O...y.~V.$1...,....f..8..rQ.o....M+..P.P..}.j.>.h7.T.....y..~...0.....W.]-..#...`.......R.W9.E.. ...G......wI..~iA.....5...K.e..7.'..O.........B...B.O......H*....O-z..Q...tj.."..i....t.e.}.....O.&..w.\@=@#.j...`.N..|.".Q...#&.[.V...... .....7..t .C..cn4.,.jR.."W$@.,.hm..,....Z_...(X...E.T^z....{J..g..,......!.W~>r..1..".RF.mN.}.%l.z.r\..yL....).....:.A.........J....zf..a.....A.*Q...K.$j.I...hp.FZg.............$t.O|e2}.3...Q..[..|..-....L..-.'k.C.......e......1....U.MRS...|.;@..{Qo.y.7.....]il.,...z.(dt..1,6v.Q.. ..}t.w.J...}FZfJr....}.g..-.h!.G.r..~.=..a.D.Kf.."......c4....1p.K..x..HM.}.y|+r...*G:K{s..D.$q. g..0...zlY...'...&..kB.z..pB3....K.i...Fv... .....X.v..H.l..v....0..e7.tqV.|..i..$.C.c.. ...Ch.....wV.%^Q.?....2....;<6..e.a..o.......iy...{!.U.......+ .V.....x\e$t(....3D[.`....gj]B2.).P?......!#....Jnw&..)....8.6.t.}.B..

C:\Users\user\Downloads\KZWFNRXYKI.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.768015776739963
Encrypted:false
SSDEEP:48:cUe8uC5+MH9H+U4vkMk/JLGoM+3WGluQu+U/QvI89ztQp:Q8RNHwUXdGo/3WGluQu+wQw8rM
MD5:AA6B8D6B034B4694B30A6A53CE6D8A5A
SHA1:50B55625D91A1C7C31C3E113C56FDECFAE3F674A
SHA-256:67D5EEB0B8379FCA4CA87781889012DD69887ABA59BB47F7B3F1A8D63496CE34
SHA-512:4CFBCF6607B7DD6A9B30343BF0416F3CF9A333863E5227D1102B91BEA9F2634A56149A95ED7E28089EC93A088EFA95EDC2674300A4B6819769904868888A37FD
Malicious:false
Preview:m..._..m..w..8k...7......3...^..hV}5.;...B..&BNz...r..k=%...RJ........@...q...*s.3..c..ym..^...o..O...y.~V.$1...,....f..8..rQ.o....M+..P.P..}.j.>.h7.T.....y..~...0.....W.]-..#...`.......R.W9.E.. ...G......wI..~iA.....5...K.e..7.'..O.........B...B.O......H*....O-z..Q...tj.."..i....t.e.}.....O.&..w.\@=@#.j...`.N..|.".Q...#&.[.V...... .....7..t .C..cn4.,.jR.."W$@.,.hm..,....Z_...(X...E.T^z....{J..g..,......!.W~>r..1..".RF.mN.}.%l.z.r\..yL....).....:.A.........J....zf..a.....A.*Q...K.$j.I...hp.FZg.............$t.O|e2}.3...Q..[..|..-....L..-.'k.C.......e......1....U.MRS...|.;@..{Qo.y.7.....]il.,...z.(dt..1,6v.Q.. ..}t.w.J...}FZfJr....}.g..-.h!.G.r..~.=..a.D.Kf.."......c4....1p.K..x..HM.}.y|+r...*G:K{s..D.$q. g..0...zlY...'...&..kB.z..pB3....K.i...Fv... .....X.v..H.l..v....0..e7.tqV.|..i..$.C.c.. ...Ch.....wV.%^Q.?....2....;<6..e.a..o.......iy...{!.U.......+ .V.....x\e$t(....3D[.`....gj]B2.).P?......!#....Jnw&..)....8.6.t.}.B..

C:\Users\user\Downloads\LTKMYBSEYZ.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.759814427562307
Encrypted:false
SSDEEP:48:IkpOVXfKS9mEB4VtfM+3WGluQu+U/QvI89ztQp:IkpmX59mEB4VJ/3WGluQu+wQw8rM
MD5:31A5945071CA663D59115221A83AD1D0
SHA1:7DD5F894F15A1C3D39EBEC8D450F8F0903E74F8C
SHA-256:158BFBA9DA80F30B4D31EA600FF9B80E9C1B0E62E64B5F97B1336D5479F0955E
SHA-512:54C851916F78DF92B47E961C7D492248D75D1F64E96DF0C1440BC6D71A6821871B9ED8E581142D8FB16EE5C5AF266840D0BF0C8FEF139F38C42320006291900F
Malicious:false
Preview:m..._..m..w..8k...i2.qC_#.$jy..t..Pw`.,.5.2M...1....w..f.........{4...9(......L.gP9...?,j..J.3..?.?..}....l\.....0.<.bp....YD...:..h....;...f.>..w...s4./..C...m......K'.2<../...;..b.z/...2...'L..1..A..Q.$.*X..j....gSU..36.....x.,;..Y..f<.%#'VH...>*..t.K..MW........................u.WQ.A/.2~?.vH....!.W....`.3.jP....'6.qz.vp...4....o.....EV.<...O....t. ..W.*T.(u.7.li..7.DYL.F)....$.48.;(....%.H.H|]..2$..^3.y..H.$.7.NH7...@.q....`.....f..........u.s...\.....3,)..P.......E...kP..D$..3j..J.P..l.0.p.jn.. .).<{r?{..q.....*....uJ.c.J...G@-..t.....Q.M#wt.?..7F&.{....k.y...~.?o.DAn..m.....H..N~.SN......R.l._)...j........h.........K.E.].....y..6k..*.&..2=...E.4.b.[...%...(...c.....y..Y?.(...28+..X...8.........tn...j.....UE.#...q...q..0......2b.ps.'..Y..|......>V.'..lnUF1..N..yT..O$.f..'X..h.[..$.....Z....Y.....s~.3.&Gf.+D......;......T..RCe.g9yN.rp=...d).u+.=A.l..L..4..|..!4<.h..%..I].s....K,/...DX#....^r+..k{W....J...|...H....y..Rj..'...R.a....Z.

C:\Users\user\Downloads\LTKMYBSEYZ.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.759814427562307
Encrypted:false
SSDEEP:48:IkpOVXfKS9mEB4VtfM+3WGluQu+U/QvI89ztQp:IkpmX59mEB4VJ/3WGluQu+wQw8rM
MD5:31A5945071CA663D59115221A83AD1D0
SHA1:7DD5F894F15A1C3D39EBEC8D450F8F0903E74F8C
SHA-256:158BFBA9DA80F30B4D31EA600FF9B80E9C1B0E62E64B5F97B1336D5479F0955E
SHA-512:54C851916F78DF92B47E961C7D492248D75D1F64E96DF0C1440BC6D71A6821871B9ED8E581142D8FB16EE5C5AF266840D0BF0C8FEF139F38C42320006291900F
Malicious:false
Preview:m..._..m..w..8k...i2.qC_#.$jy..t..Pw`.,.5.2M...1....w..f.........{4...9(......L.gP9...?,j..J.3..?.?..}....l\.....0.<.bp....YD...:..h....;...f.>..w...s4./..C...m......K'.2<../...;..b.z/...2...'L..1..A..Q.$.*X..j....gSU..36.....x.,;..Y..f<.%#'VH...>*..t.K..MW........................u.WQ.A/.2~?.vH....!.W....`.3.jP....'6.qz.vp...4....o.....EV.<...O....t. ..W.*T.(u.7.li..7.DYL.F)....$.48.;(....%.H.H|]..2$..^3.y..H.$.7.NH7...@.q....`.....f..........u.s...\.....3,)..P.......E...kP..D$..3j..J.P..l.0.p.jn.. .).<{r?{..q.....*....uJ.c.J...G@-..t.....Q.M#wt.?..7F&.{....k.y...~.?o.DAn..m.....H..N~.SN......R.l._)...j........h.........K.E.].....y..6k..*.&..2=...E.4.b.[...%...(...c.....y..Y?.(...28+..X...8.........tn...j.....UE.#...q...q..0......2b.ps.'..Y..|......>V.'..lnUF1..N..yT..O$.f..'X..h.[..$.....Z....Y.....s~.3.&Gf.+D......;......T..RCe.g9yN.rp=...d).u+.=A.l..L..4..|..!4<.h..%..I].s....K,/...DX#....^r+..k{W....J...|...H....y..Rj..'...R.a....Z.

C:\Users\user\Downloads\NIKHQAIQAU.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.760899528650916
Encrypted:false
SSDEEP:48:bdtXiN+e9PFbLrtqcfHGNFcqDA+4lmAlM+3WGluQu+U/QvI89ztQp:bNe9dRrH4FZA+g/3WGluQu+wQw8rM
MD5:FAFBD5E3AC2ECA30EBF9AD32C85A8744
SHA1:F54911B97A497D811E46C0BA7945B74E1EB0F9FF
SHA-256:0DDF1A5750019B14260647B67119BE95975381AFC607C37888F1994DCAE967FA
SHA-512:195100E4BB83B11517C230534C95FCF467D04EA75EF778A392B7C32239F13B65540FFCB561329B61A8D119C96963470747FAB8FBD7EA74B6D149FD958D90E983
Malicious:false
Preview:m..._..m..w..8k.jb6...%nO.m..!.......x..........VQl.~8+...@.c4...........'..sL..Q..?..P*/^..4.G.{].;......S.x........ed`..F.&.:p..>o.<IFM..2%.m.......`.1.S.T....H.2]...g0?.a-.M.6@..I.y..._N... 6...a.<,..,L...c..u].....Y.k=!.....c.;.2.....C..qP.]...Bu.fn......$......M...f).....5@}.. .../...ig .]..dU.Y.Xr5.3....|....iC_y..;..\.~.-.V..Fm]+'s...n.F..W..6..j....9..}.'#...`.V..d.$.39n.J.......%.;fs..~.GV..+[.CBo..ej(u...E..H.R+...Ge.+#.2V.|.h..&W"yU.....t..q...`4.5..\..Z.o..7.p..Y. ......'p...[.g.M....'.t.>.B...^......y.....i_......I.....Nc...Y;....z..]..({....Fd8...}..hH..&..C.8Q4.K+..V...KdGd..OU.....p.S.+......wK..g...*X....J.zY.\?3......2........ '..,...u".e.\...P..u..~.(....Z.7.....*.._..A.....}s...Qg...ZG..f..YHcxuw.x..+..w..FH.m..z......`.U..nma.{/$`PiW%..Cj.).cw[8...V6......o;.F.\..KV..{w..!.{i....~K..K.....<..'8..D0y.Z..d..{......?.[;O>.b....d..qG......>LO.....E...s....l.G............o.....k$<J.93.....n`^..j.y.N...d....|..;}.D

C:\Users\user\Downloads\NWTVCDUMOB.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.758004997907733
Encrypted:false
SSDEEP:48:cWLd1A1aic2OJW9xtGh/Q17pM+3WGluQu+U/QvI89ztQp:cWLd/i+JW9xtY/U9/3WGluQu+wQw8rM
MD5:BE8364756C5D7699D479B92183D0D592
SHA1:E4793611F6368D79FF975364E41C59CD6385F069
SHA-256:AF4A29E46266ED2F0D65D11E8D7D8483B39105BAEF584B651B19828481191235
SHA-512:F9BCFCDF07E123DDADCD3975139CDBA65578F9539C0A8E2955773F854EAFC66066951A5C751BE1CB46E9CA7375D1F24FDB6A2C0C084297BDF40F1D9771835850
Malicious:false
Preview:m..._..m..w..8k.v{|.....(......R..+.Y&....=.,j.....T2........2.41K..we.y..b...Vp.......}.:./EO._...Vw..,q}......G.NN...O9n.k..S.,...IN...b.6...bby=....@n.F.......G%GQ0..ei_.V`6bD.N.Y.].t,..AqX2.Rn........F1.Z...J....T...|...Z..9.o..#.kT..N..".5..B.2.ZC$r..l..,<P. .@.6=08.C...U...,.r6.. ..k..3.......C././.v>[?/..u.+35.wq....'@Av-..t.Y..!O.YX. ...o.\...l...Gu^....+.e....z.U-+.Y.....v...`...6.q.9[.WS..WnJ{...A;z0.*XI./..iiV..g..n._...Z./.Z......T..Z..Y.H.:..o.%.....;..jQ..m..3Sn........@..........F,......S"2.#R.)dB.F......eE.Gum8g..'j..../...,^,....E....... p.@.j..{..Y..<..^.TU"m.x.REM\.ho.;_...pe.H...1..f...r.%..o...c.7.I..L.6...`......d..=.d..8O$LSQ~...o.U..1U......f.oj....#...~a=..(Zk...Q.w..6..Om.......Gho.....O.^y....p.r..0U...F.....&.../..g....O.E<x.'UT.Z.r..az..)..@J./..X..,.@..Q(...b(..nJ..`s.{...&...... .i...gv./....*...Z.?..6#.D....ahC....a.......W..;..K..5.#.h|n..4.K4..1..Oz@#.U{;......T..I..s-.#. ...1.:.w.}nc......r<.....MOK.

C:\Users\user\Downloads\ONBQCLYSPU.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.76492788529227
Encrypted:false
SSDEEP:48:2OTaLf7NR6Keo/ZPwV58dzkKj1amMu6M+3WGluQu+U/QvI89ztQp:1TaLzNRcohIV2YQA/3WGluQu+wQw8rM
MD5:B6A48F3474773ECF5CA1CFAB4EF61324
SHA1:5FE3BD2BB243ED5105669209806BE47D0FC6ADA0
SHA-256:5F228442E332BC4E43CE43212D5BEF0F2013943E71AABB7748A267E0A2D86C23
SHA-512:7B14C46E9EBB4ED176EEE6B3A2EB700202BBF157EE2098A717CE5E3C1A91748275C416E43A451F0F3A4CB60888389131D24147D981F3906422191B83F2C238F2
Malicious:false
Preview:m..._..m..w..8k..Z..%q...Q:|...&.....[..~.{6.v..d..QTt..KR].MsG.,...f.Z...h....hF......w6......#iqF..)3`.p%.@...M........|...o..;.........<.....j........+.x...U....eH.c..T...b.....'2.Ss|UpJ[cC.0d.IAB_..[.v.h.Q.....5..T...=..V...b..'..'\..W..EY.......ye.R*^..R..$iisv....".@C?!.s.o.....`.....Q..,.{w.b....`..v}..C....IG...L0.....@0..&...T?.N.F.B../..K....,..Q0.R..j..'.]h./....ju^Df..Y..)+.d..+.'E.5.)...p2...~)......&.]r&.6.xk.b.`.,Z....dlP{-..`O6\.p.........tyY...7a.IXb%v...._.....]n.C.....FQ<..H..P.........;..s.h..!..T.Li.7i.S.%..)%.[=..w1.$.4f0...c.FU....tiN.*...6.......S.w7..4ZPs...C.K...F..L\.sl.......rJxD.z.&.K......x.<..n.y.....,./U..Wn.|. ...v.T($q.Z .V...Gt`...-:5....D!...2...{."6&..U-..n..H.>..'....yj}W..l.....`.z.u)A&.-.{...r.R.G2f..ou.c.. `...{.3$..^..iX@W...O.e.......F..;i..F....W.@9L..N0X.1:L..*..x....ZY^.....J*.A<N.{G.G..B.........F.,.W..-[...$...p...a0c.z..7.........:..b..7x~.`J....7H..h..Y.os........A..G.,l.U..A...gc.PJ..r...x.i..y@

C:\Users\user\Downloads\ONBQCLYSPU.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.739911168161694
Encrypted:false
SSDEEP:48:1C8KAMvgfvNxZ9xFilz0RIb2ZyGZVrTBwqt0Ot0qYlxUn:1FMviPZ9uw5dfteVqQUn
MD5:D4395F29BEEFBCACFC74067BD73E1B17
SHA1:E9E189792485BFA3CBDA3E6143CBC25B19312336
SHA-256:0B5EE3289E93180610BA02AFFE639C78FBDB542809D941D415FCB4DEC09BBFFA
SHA-512:E4BDC3D13298A506367F2B4B43BC6500CE07D6C50824E0983ED096A9F849FADF4170FF59E3E89F6C6E5C4A5D23C09BD24335FD293B8502C9C6C2C37DEFD5FB4A
Malicious:false
Preview:q4..Qc"..~.......x4]....D.Cu.i...S..H....jb..M.)#....umD>..w.e..R+<..........r;.........u.........1..p...B55..j.....!..b5.e.5.....`.<8.h.>.e'.......n.y(.;..A..2..s."p.j....X....8.s.A.'..o.+..f8..i%..*..ol.....[+.....h0...T..... e....uiQ}+.WTu.....n)...}..|.T.4~3.X.....d..j.......PZ..OtMg.f....gt`...5n.?i...7..B5.^.........Zx.,3.R..>}e...58j......=.hq....6..........V..&...D...'f..x6.ku?.'......).]e.l..pUY.....\.;o..%.-..R....8..eG.=.<....we....\.|.....F..=.S...(...<.;...(.S'.,..b_....KH..OD..1.Y*..}@......&.A..*..3/..F.."....U....lFA.y.5...A....eFp". .l...Hm........n.0....n..A6._.a8.O..D..7..I.*..{a..^.h.@..{..Tf...L.'n..mo.9.S.t-.........3.b.<..|...:.S.2.3..I...P9..S...r.AR..1..........j.Ek...I...?.b........;...b.K..z.Jnl..r...:V.y6.6..0.(..Ox.*C.5!.q..I..>O....=|..Y.A_.m8..A.6.U......'..P.l7...g....e.....&...z.D.G.n..cQ;...LAv...}]..$.s.L..oA.,wN.q.S.[.]...,.....~..W..=D.O*..2...I........{G..RD...j)...*....b.v..3b}

C:\Users\user\Downloads\UMMBDNEQBN.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.7425371968686285
Encrypted:false
SSDEEP:48:1WjP9qcGrr2OTuLI3xWi6Ib2ZyGZVrTBwqt0Ot0qYlxUn:168ramuLGYigdfteVqQUn
MD5:75AD3DF8B232B7D31C470CB1BAB6B073
SHA1:B0039C1A396C1EBFB5FCC48896B745CF106B3256
SHA-256:0363753F08C18F5A1EDF82D511C087C167E45D3191CA8F5EAD353FEA0D4B352C
SHA-512:FD32116805465F4CA132313D5FD313CEC33FED040B736BE0281C4F9085BAB29B496C4F91C913371E88103EE76969740266807337F16A9947BF3D0417F41375EB
Malicious:false
Preview:q4..Qc"..~..........*d|(.S.A..@0.....,..-~....hQ@.+....E.4q.....[3b.9...!.D...Q..G..P[z#(......oPb0.....~~?+.2wA..\.J..hg.me0.&p.wW.t.@8..b..L.Q...C...JMHx.%.iZ..B..w.o.s...R./...a.".J-..^....G..z..2q.....6C.n#.x.....M.&A.mR=...^.d*...RH..m..{..R>I%Q^+.A..Z...}9.m....t..T...q...'".p..6...s#H@...8]!..+n...u.+......k.}'.$....:...'L..../.#/.\.&..7...<....M.F.M...<4..Sj.:..W.F..i ..Q...kj..@......cvc...Y RQ.3W}.x.......kr..8......^...6.U.a.n.K.La..1.=Su.j.Z......6[...}..F...WO<.(........MP...3Z...2..Tl{4.*...k\...=,.kg.X..(.1.......R.,..R..&,Y.)....A5m...I..7.>..........H'..;.w..R+.04.L..@.g..j.%XR...tu.....{..V...E^...|.X..... .Uk../.D.1.k.#TG...Y....;.P.A......4P0.W..>....a...c.._lc..6.>.|...j...3...f..........2M.....a."..1...u..b.g.dL...8J..../.K.v}.Y}..+." .&...s.a*a6G.iL.4.}9U~......T.....|.....v3rb^..:..'?..k#...GY?S.c.G,qxe.<P.p.5q.nT;.n..s~...*...v..r..*...@...."FI+._....!...).....HSQ.......`.^|#>6-....E.>.n....9.f..`h...x.~.....

C:\Users\user\Downloads\UMMBDNEQBN.jpg.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.7425371968686285
Encrypted:false
SSDEEP:48:1WjP9qcGrr2OTuLI3xWi6Ib2ZyGZVrTBwqt0Ot0qYlxUn:168ramuLGYigdfteVqQUn
MD5:75AD3DF8B232B7D31C470CB1BAB6B073
SHA1:B0039C1A396C1EBFB5FCC48896B745CF106B3256
SHA-256:0363753F08C18F5A1EDF82D511C087C167E45D3191CA8F5EAD353FEA0D4B352C
SHA-512:FD32116805465F4CA132313D5FD313CEC33FED040B736BE0281C4F9085BAB29B496C4F91C913371E88103EE76969740266807337F16A9947BF3D0417F41375EB
Malicious:false
Preview:q4..Qc"..~..........*d|(.S.A..@0.....,..-~....hQ@.+....E.4q.....[3b.9...!.D...Q..G..P[z#(......oPb0.....~~?+.2wA..\.J..hg.me0.&p.wW.t.@8..b..L.Q...C...JMHx.%.iZ..B..w.o.s...R./...a.".J-..^....G..z..2q.....6C.n#.x.....M.&A.mR=...^.d*...RH..m..{..R>I%Q^+.A..Z...}9.m....t..T...q...'".p..6...s#H@...8]!..+n...u.+......k.}'.$....:...'L..../.#/.\.&..7...<....M.F.M...<4..Sj.:..W.F..i ..Q...kj..@......cvc...Y RQ.3W}.x.......kr..8......^...6.U.a.n.K.La..1.=Su.j.Z......6[...}..F...WO<.(........MP...3Z...2..Tl{4.*...k\...=,.kg.X..(.1.......R.,..R..&,Y.)....A5m...I..7.>..........H'..;.w..R+.04.L..@.g..j.%XR...tu.....{..V...E^...|.X..... .Uk../.D.1.k.#TG...Y....;.P.A......4P0.W..>....a...c.._lc..6.>.|...j...3...f..........2M.....a."..1...u..b.g.dL...8J..../.K.v}.Y}..+." .&...s.a*a6G.iL.4.}9U~......T.....|.....v3rb^..:..'?..k#...GY?S.c.G,qxe.<P.p.5q.nT;.n..s~...*...v..r..*...@...."FI+._....!...).....HSQ.......`.^|#>6-....E.>.n....9.f..`h...x.~.....

C:\Users\user\Downloads\UMMBDNEQBN.xlsx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.7425371968686285
Encrypted:false
SSDEEP:48:1WjP9qcGrr2OTuLI3xWi6Ib2ZyGZVrTBwqt0Ot0qYlxUn:168ramuLGYigdfteVqQUn
MD5:75AD3DF8B232B7D31C470CB1BAB6B073
SHA1:B0039C1A396C1EBFB5FCC48896B745CF106B3256
SHA-256:0363753F08C18F5A1EDF82D511C087C167E45D3191CA8F5EAD353FEA0D4B352C
SHA-512:FD32116805465F4CA132313D5FD313CEC33FED040B736BE0281C4F9085BAB29B496C4F91C913371E88103EE76969740266807337F16A9947BF3D0417F41375EB
Malicious:false
Preview:q4..Qc"..~..........*d|(.S.A..@0.....,..-~....hQ@.+....E.4q.....[3b.9...!.D...Q..G..P[z#(......oPb0.....~~?+.2wA..\.J..hg.me0.&p.wW.t.@8..b..L.Q...C...JMHx.%.iZ..B..w.o.s...R./...a.".J-..^....G..z..2q.....6C.n#.x.....M.&A.mR=...^.d*...RH..m..{..R>I%Q^+.A..Z...}9.m....t..T...q...'".p..6...s#H@...8]!..+n...u.+......k.}'.$....:...'L..../.#/.\.&..7...<....M.F.M...<4..Sj.:..W.F..i ..Q...kj..@......cvc...Y RQ.3W}.x.......kr..8......^...6.U.a.n.K.La..1.=Su.j.Z......6[...}..F...WO<.(........MP...3Z...2..Tl{4.*...k\...=,.kg.X..(.1.......R.,..R..&,Y.)....A5m...I..7.>..........H'..;.w..R+.04.L..@.g..j.%XR...tu.....{..V...E^...|.X..... .Uk../.D.1.k.#TG...Y....;.P.A......4P0.W..>....a...c.._lc..6.>.|...j...3...f..........2M.....a."..1...u..b.g.dL...8J..../.K.v}.Y}..+." .&...s.a*a6G.iL.4.}9U~......T.....|.....v3rb^..:..'?..k#...GY?S.c.G,qxe.<P.p.5q.nT;.n..s~...*...v..r..*...@...."FI+._....!...).....HSQ.......`.^|#>6-....E.>.n....9.f..`h...x.~.....

C:\Users\user\Downloads\UOOJJOZIRH.mp3.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.743897954171635
Encrypted:false
SSDEEP:48:1zlSJ93rbNOdn5nnJqbIb2ZyGZVrTBwqt0Ot0qYlxUn:1xSJ5sd27dfteVqQUn
MD5:DD15054AD6B4A568BC8AA22D7E4C06F5
SHA1:B09C22E942608866110E4663517D0BCCFB1D0F35
SHA-256:86AC7FE117EB6632959D169C67B78424D8B81C8D283842F374B193A8683223B9
SHA-512:BECF4B1D183F3FE29C0FCBD08D1C0C20AA2410F6C2E4E2D511BE22B01D05669771EBB47CDE6C8FA6A9A5F9BCB4969AE9677466FEBF82F57FBA25D671600F2C93
Malicious:false
Preview:q4..Qc"..~.......M.... ......bt~.M&.%.`..z..V..FB.g....Hq.....a&f..\.9..+.<.....i."...Sj..4|v... ...4.;ay)<.H..|IU(.@yd9..l&....9......gl.....:...].i..2m.1..^..6....V@.Vm.Q..E.\......-+(T.3V.&3.IT-j.D,Nm[..A.k,......u....8..P.6...,.....C%.$.....}"3._\.8..".V.kw)...H.a..E:.....5FW ...9_Ift.V*..'...Q.fA..O.$I..2.i...[yP.9...........m]...@R...!._.B...XP$./...o.. ...'-`..k.@%.... ;.(.....+.U2...1.T..27...4...>...Z...os.....6q...F....5h...I..f-%.....H..]e........#.E....?U..Z.@@cW....)......j....x.......Ll..zw...n...dACt..&..r9.9.A.!r.>...+.r...#...3..[|....oH....RH.g..W.a@k../6.?.z...Q.(...*....c..;.0`.".=C....z........m"/.C.y..l....0i.S...(.F..N........oF...p..S.A__.>....;;..e..i..9a....9..<*`..o,....R..#....V..%...*...1.8.j.iG.&...+6.5.Y.p..o..H....T...W....1.R.......H.z..H3...J.?S...2".. .k.B#...1R{...j..."..tl.+'u....p..,KI.......t..;n..I.lY...sc5L}l.0...z......FD......................B..EF...1......&.v.b.9....Ip....#..q...V...A.!.3

C:\Users\user\Downloads\VLZDGUKUTZ.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.782740692165353
Encrypted:false
SSDEEP:48:1sQszAagnJtU84O26yAT5mTYCYEHUIb2ZyGZVrTBwqt0Ot0qYlxUn:1VsMaIUqvTcydfteVqQUn
MD5:C18FA7F3F5368D9E496CD76B79FA83DC
SHA1:4116DF7A2CFF3FAF094B99E04D6E0ECB5C7221F0
SHA-256:C828E592D34EE6E5FDDDC6651EF63E66DC2D352B7F27B8B07AE8DE864E6D08CD
SHA-512:971E5A5998AC9CA52860F6158A529EEB51DE91D37A0240160524974B7315BD2BC028B17675ADBACC2A0BE359D1086066B8CECB6973DD40848A4F772EEEF48372
Malicious:false
Preview:q4..Qc"..~......C.V\..`]i..f.yA>.^......^..i;...w...T..$.V..8.wG.................^...m.`S...O..D.....\...b3..e.u...!.A..?......bB=.......`..%.w./H...p.?...mt../...[... ..I..(....SS.$...7.P.{....@j.......B.\..M.NK>...uR.I..6..d....n........hO..8.[....~V.*$..g...t..W..... .4Rf....R..C.}.@:.....? ...&.Z&7l....P.4..U[.P...j..<W...M.62VB....+..H..Xr..F.8......@..3..l.a.....Z..V..U.....H....}y4G..l..~.A..,E....,..B- .b...H....4nl.S.Z.l...Z&~uFRvo.I.k.....Y.?II..U*...&'...p....3...X.OD.vbS.@<..$&e.....wj.L.9Jc.....3&._........ma.........H.|M..k...>....;N".n..2r.`$..&.we...~#...E$.....k..n..i_r..D.!...."P.ud..8......(.Y9 .G..H1.zJ;.Wc).}.]..N.0..d.....G.N....w.K....9..U>.,Y}F..T....Vhj.@'..&2..k..=G....1.....B.]w...M:..|...SH..8Z.j1..5..Y.&Y!.(.1.H..'+j?..7".~..*.?..T............l...i8{c...E.....>.......$.....V./E6.lV............4.)a.8{K......e9..B.D...m5..K[..A.\'.C..u..n.x*....%..v]./So.|.}?K?AM...}[...X1].(7..>..z.O...xHF..f.(AL...'.d.^5./.

C:\Users\user\Downloads\VLZDGUKUTZ.pdf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.782740692165353
Encrypted:false
SSDEEP:48:1sQszAagnJtU84O26yAT5mTYCYEHUIb2ZyGZVrTBwqt0Ot0qYlxUn:1VsMaIUqvTcydfteVqQUn
MD5:C18FA7F3F5368D9E496CD76B79FA83DC
SHA1:4116DF7A2CFF3FAF094B99E04D6E0ECB5C7221F0
SHA-256:C828E592D34EE6E5FDDDC6651EF63E66DC2D352B7F27B8B07AE8DE864E6D08CD
SHA-512:971E5A5998AC9CA52860F6158A529EEB51DE91D37A0240160524974B7315BD2BC028B17675ADBACC2A0BE359D1086066B8CECB6973DD40848A4F772EEEF48372
Malicious:false
Preview:q4..Qc"..~......C.V\..`]i..f.yA>.^......^..i;...w...T..$.V..8.wG.................^...m.`S...O..D.....\...b3..e.u...!.A..?......bB=.......`..%.w./H...p.?...mt../...[... ..I..(....SS.$...7.P.{....@j.......B.\..M.NK>...uR.I..6..d....n........hO..8.[....~V.*$..g...t..W..... .4Rf....R..C.}.@:.....? ...&.Z&7l....P.4..U[.P...j..<W...M.62VB....+..H..Xr..F.8......@..3..l.a.....Z..V..U.....H....}y4G..l..~.A..,E....,..B- .b...H....4nl.S.Z.l...Z&~uFRvo.I.k.....Y.?II..U*...&'...p....3...X.OD.vbS.@<..$&e.....wj.L.9Jc.....3&._........ma.........H.|M..k...>....;N".n..2r.`$..&.we...~#...E$.....k..n..i_r..D.!...."P.ud..8......(.Y9 .G..H1.zJ;.Wc).}.]..N.0..d.....G.N....w.K....9..U>.,Y}F..T....Vhj.@'..&2..k..=G....1.....B.]w...M:..|...SH..8Z.j1..5..Y.&Y!.(.1.H..'+j?..7".~..*.?..T............l...i8{c...E.....>.......$.....V./E6.lV............4.)a.8{K......e9..B.D...m5..K[..A.\'.C..u..n.x*....%..v]./So.|.}?K?AM...}[...X1].(7..>..z.O...xHF..f.(AL...'.d.^5./.

C:\Users\user\Downloads\WKXEWIOTXI.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.725077185918721
Encrypted:false
SSDEEP:48:1eSUK3XjgkrKjNIftB/ROCIb2ZyGZVrTBwqt0Ot0qYlxUn:11jgkrKjufEIdfteVqQUn
MD5:9182E07B6A1E1395467E2DA03D76C6B6
SHA1:B772B43F961F06EB848A2427A1FEBF1AE976A4DA
SHA-256:20B8C1AA2525C69EC6857BA933A5E622266920E3F2E24519581596A779D05CD9
SHA-512:9AEBE5EF780C522B06D9A4C61472D4DE374054AFCD6EDE330E57AE5772F1D138AE7532FB99A442853376EC172666C293841C7DCE29CFBD847DA94CF4937AF789
Malicious:false
Preview:q4..Qc"..~.........s..A.x..B..F...c..|.}....5..L......x-....F...CrlN.(..|...c*....../.C-..4..#2e..].\...Nw........pf.A..d....v..;.z...8....6.V.|.QX#..}.....n...*.x/0..#T.#JCe..@[w..R..:3..6 ..f..}s'^n.X5=.u.j%.B.V..ac...@.EvN..b.rz..wz#.>a.Y../.....Q.hc.}.:.WH...C.;.;W....|..-j..[.J.._......o..o1.....o.O..41..g.E.I.8..%.>.]...h.....K.9.Y5M..k...,c.).2RK....u..8Q...[..|..\..t..4t)+.p.CkpbfN...K.P.....Qo..&..%......Cr......3.^..+.....$e.t..ct.....V.0....F.....P...:X.W.........d..b..bp.H...L.e.T..g...._oec).1...A.O..^Dt.{.}ls..[._.b....F.w......o.65..1..l...&0Qj..`..".o......8...52..!.w..;T....(....5....V1....6.f..%+$frRB....JQ...}A....2%....w...x.~.-.......,.^.F.0Wbl.<k...sqY....8.....:,VqmZ.....PP..>...N ...~m...d..brr.Y..2.Ng......*~s.....Iz..!..bZ....D....Aoq7.5.C..&.KW....w1.........7.\.R.o.~.,..v.. ....s...3..d0.3...>.............2.?j."Kk.y.g..(...8.B..|&3Ki.%.OG...~.>...T..Z.U.s..?Wy^.;.1ml...M........X...TDl.Gay......;..H{.".....|{0..c.

C:\Users\user\Downloads\WUTJSCBCFX.png.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.7821989405028775
Encrypted:false
SSDEEP:48:1j7ogyvVMnGO1/XWIb2ZyGZVrTBwqt0Ot0qYlxUn:1j7Ns61fMdfteVqQUn
MD5:1471B475A74246601ADA5477CBF95F1E
SHA1:D14716B98E61390EE0442B8B515DEF914D99DDED
SHA-256:CE5F398BD8F5D2FA6E2E85833F3EB505998547B68C5CCD7A9D485E0D24E3BAA9
SHA-512:BD087342B1151059C83A489B0EC61C3F9CD099197E129CE23F6C89D92ED4B21EE28593AC726B09909D87C7A9674931D6409C6751DF108FB93106FA6D86A804DA
Malicious:false
Preview:q4..Qc"..~.......<S+.T..Y..$n. ...#.]XE.il..\...U.-s0A.1,)..t.-.5.:*K...B......22......................M.h..2|.......=...~G..M;...pC;.l....P..;T....R.j....3w..r.In.B.W..a&FQ}f?. .......3.....|...7CX.......=.......k..v......*.;s=..@S..m.4m<z.gL...(......x^EV.2.._V.........2..5...Ou...]....0{. ...L.m..v.....N.9.W).. ).....7.Br.....O9Sf......./....x.g.&...#.*KRS.._N.....YN....+2.Z....G......B.z:....u..Pc..$..k8.Nz...........3.....h`d....r.j........+...8........0#..+.....s.lB*K..v..#1u..!..A..O..Wys..t.$..M..k.......L_...X3.L.F.S.\......O..l...s.._..K..c.M..S..i6NC.]^x.-.-.l..<[..Z6......78.+;.&.=q.D...1c.....|.G.g.S..:Q..I..).v.k.m..k.#.:z+....vP.DX......}.-.h....m.;.K^yq.....b..._.R.8B.B-.M...an.sU&-j...3...6..DK....tr.;..R.!..P~...^..@.j..Q_.$....<<........zqQ(A.=Y..et..!.B.#......#.....X..uF.....m.z..r...>.....@i@...+.....9=...........w..[.&x.|...hT.8..I?....k9p}.J.3...i..E`.......!b.M...V.....0x);.2?.YQ=p...=..y.]...E..I.....M...%b

C:\Users\user\Downloads\XZXHAVGRAG.docx.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):2078
Entropy (8bit):6.792340536083412
Encrypted:false
SSDEEP:48:1hepAU6nlQPS/RqVnclIb2ZyGZVrTBwqt0Ot0qYlxUn:1heR6nfkGddfteVqQUn
MD5:B979C7E63A722CDFDB4692DF7E402BA9
SHA1:2F4122FE39C4D5B6128979015547569A373B2428
SHA-256:F7F5D1732BF5C2F9E0A4EC648226E9D8949F6619F3FFE62A1285C7580EB46E0D
SHA-512:E25A895C964E5660F3AAECDD988218F4081A6974923E7BB879A4B4E0733AE29409BFE2851DE9FFB52EF9309EDFC7E71E64D262248F8C454196CE35C819DC68D7
Malicious:false
Preview:q4..Qc"..~......g+9...P...'.W@B.!P.O..c.@.>..[..H$.i.~F.v0o[..u....u.~....#..-...ZG6C.g..v.^..}......n...1%&.....F...-I....x).*......A.VA...7p..........{...,j....&....Qe.8.).#...m....j._..D,Uo..?.....v.xH...>}3...A.Z...h.5r....;.l......C...q...&..A....Y..J....Q._..Yk(.......m....}.7T..f...m.*...q~./...'i...H......G|.ZM.AIPAa..{]..@...[....8....HRM....D..."..U.....)..z..d..:IS....lj...9.7.ZJ....R.V...q;....-(5..v".C.....R`....?..w....6.......X.w7......... `..l.3&...\......-.a..Rh..e>.}TQj..r.....$..K|K.....l.F..e...X.~U.P.w..P.....z.}z.}.H7...t.]y:.:.$..!5...2..N.NQxD...p3Dv.mrF...t...E s.k.O.1{p.....x...EP.JK...%K..y,.F.P..!N...2.T../......k..-&5.u.......'.1.B.q.,...P.K.B...]ZY2.....l.(.M...*.e..e.@.2.*...../..//\NV]<...PY......H..-}..s.TY..;.n..uh.p..j....D..%....o...U..;..3.b..o.?.....6...q...l....../...i.BH_]..9..e.d...]..SH}...u}.....6O....37..K.G..C...&......K...\.{.8./rlt.....f.O.|..&z..qJuj.^...ZQK7...{...a..S..'L>....w9Li..H..

C:\Users\user\Downloads\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1340
Entropy (8bit):5.446479498350057
Encrypted:false
SSDEEP:24:LVBOxHf+JE0YbHsNS7uQ5csBsqm5aXTlunQu+IBt/Z1Iz4qI8gW3a8zZdRQp:BBOfawHM+3WGluQu+U/QvI89ztQp
MD5:FC302FF8CFC7784D4520CF36BC267109
SHA1:A3C90F4ED1717C47F0CF73937CFE7DC1F81246A1
SHA-256:0EAE370D0A378B57722CA2B8123A9E9D2643B7FC50C34E978202BD6EAABA1F48
SHA-512:BE9CB7863DA809FC50B995B5CC5066AB2CA7BD006D7BD8AF47260104DC87E77EBC35E7A6AA79BC00ED0600B4027DE5436E481BB5882210A5108A807CB3F91FA2
Malicious:false
Preview:m..._..m..w..8k...>..G..6..$....=..CL.t.Q.\m...$u.......e..6..*.<..8.....N.j.C.Z.tvJ..7"I...|...yO).\...cO.....+hw....(Kc..hs.D..m......R.<q........}<0...:.'y.Z..H.5.Bq.u.5..~..c..R?;...l...3z.9..wpP.d.x...X..m.....3,...z...2...q.....*....?.H.<o..=]08>%.y\)Y.t.U...F.d..R...#..a...n>..Lc---*8+8*---9e220de61fc5d79caf010827d032a3616c38738f828b19f1cd31e514cf5507e899172d7e88b919366279992ba59a9a47e36a0ad8aa95f316670242188b4ab388e34df38bcd0eff43104c630c99315859b1652684c586c9079f058102bb3c3c4f3d83c3a21208e6e86b3483e4ad31f76c203606872105bdd08f56ad230982ef2db9df5bcfad5f59d670ad17017d897fef4d05b67a3098cc2f990b9c9348ce33a8155a6e82441fca0b2c04e2c881b3bf31c2fb4dbf4c203167a05c9534f4243eea4922737615f9204eded5243d44c7392de9fdc19d2738e933eb0cee0ae797bdfe4f69d0b5d41e9f1106cb721235b1bb84d34505e56fa9c1d716ec35c2084119b1cbf696f19a77effc2cc193cfa04455b4b27eaf6d98ff5fb7f984176606da5ab75a8abaf3f5dccd6b3f53775d91fa96d7ecd641cdabe47b19ec152e66ed02c9b9f1ada5f45ec03df7e4c4ffefb01cf65689d3b420fbd57

C:\Users\user\Favorites\Amazon.url.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1164
Entropy (8bit):4.749404959170618
Encrypted:false
SSDEEP:24:1Eq3VrePIb2ZyfV8rv1L3/dTgwFuei3uBw0T0Us8maUoXTRXi6QqY+oxUn:1E8rQIb2ZyGZVrTBwqt0Ot0qYlxUn
MD5:BB2702D135101EE75B539B2389A5FAC3
SHA1:1734DF7E407FDD84B218BCC64C5E1D41580F923B
SHA-256:7D5DF51D4F59A0A2B0A7FD62DA3F502E8FAA7410B8BFB050788BD9E120B22D33
SHA-512:26F167FBF33B3436252CED72763CC9D9A395C3C6348BAA5316D81B85D984E162F7336D8C96A0AA46C8DAAEAB5C7617CAD8061645C3C635567257090CD822431E
Malicious:false
Preview:q4..Qc"..~......j...&..r........1..[.8..B.F.F`....f.....g..E..1I...?.}J.N.64..(...Q..Bc.ZO.fy..8,....M.............J.:r...---*8+8*---4aeb81cf1e961c220fdde5002c0eb9b9ae815aad060aec460320e431df063d435ba2a7ae0b7ca549c16c535516b4c8877278775628b42a8932c62bd45f9289b711ab1d301fc1ce9ae48220117853d5bd42f84bc4499b79af8eed3921d80bfaf6e176b4fe08a1036c84e00b97786e370d67b26d125eb71c8653c998c39fa1093a5f5c078a70606232ec8e497a8469ad5997d8b23ad811bac9e1a9c0bb38efa3f5354517fe736e826f430980bdd5ae5dffb1009e87cd7e46d495cd77cc17d9e2f401eeeba3b199c7b96ba425fa2ad2d59278a59243493b036650d19e34c5e0209893213eb0d35c09dffb15e8bba76f6327dc6da1e0e6b952a026a6b598e18e6128742ae271a887c051b976a534067233b0492fa34e27a67a1ffa044c957522596d385b33e76965966d340b154cd8ca1758ed90d9b389ad8cd4614fe605260841ebb1f78840738f39746294a2a3b08261ea1de73100e81bc418ed72a238d5f6411ad607eb4e7d2450f5004df1b2e69000a46b438c68b139432e5489e13b59c12f3a20a637dcf86647eaec18550a37312512badd73525950c11b68a2202bdb0e284c075933aec04dfb4d6a0c09fa54c71

C:\Users\user\Favorites\Bing.url.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1260
Entropy (8bit):5.151702852965338
Encrypted:false
SSDEEP:24:1Eq30/AbCnbojPIb2ZyfV8rv1L3/dTgwFuei3uBw0T0Us8maUoXTRXi6QqY+oxUn:1EXbbsIb2ZyGZVrTBwqt0Ot0qYlxUn
MD5:DB15F5EB55B063A6C6E8BBB9D740E9F4
SHA1:FE02E9C74E64A32513AE022E71BB2047218A81F9
SHA-256:23FCEF9558D59D056077F21EBE31E342A410013790E95DD474A9330575A393FB
SHA-512:393587E1756B99D9A823FAA8988D295671DCAE1B737FC3721C0CBDEC4DFA877E416C05140DBB807D31D1CF42D2BA9E3B420E1653B9291106A311D15B98374921
Malicious:false
Preview:q4..Qc"..~......j...&..r........1..[.8..B.F.F`....f.....g..E..1I...?.}J.N.64..(...Q..Bc.ZO.f0.u.0..........Z.r".Q..2fx...3.Q....vM.R..t..?A..O....P..R ..l^e q............3}.....N.N.......3.i....Y.~....hhP6u..]...---*8+8*---4aeb81cf1e961c220fdde5002c0eb9b9ae815aad060aec460320e431df063d435ba2a7ae0b7ca549c16c535516b4c8877278775628b42a8932c62bd45f9289b711ab1d301fc1ce9ae48220117853d5bd42f84bc4499b79af8eed3921d80bfaf6e176b4fe08a1036c84e00b97786e370d67b26d125eb71c8653c998c39fa1093a5f5c078a70606232ec8e497a8469ad5997d8b23ad811bac9e1a9c0bb38efa3f5354517fe736e826f430980bdd5ae5dffb1009e87cd7e46d495cd77cc17d9e2f401eeeba3b199c7b96ba425fa2ad2d59278a59243493b036650d19e34c5e0209893213eb0d35c09dffb15e8bba76f6327dc6da1e0e6b952a026a6b598e18e6128742ae271a887c051b976a534067233b0492fa34e27a67a1ffa044c957522596d385b33e76965966d340b154cd8ca1758ed90d9b389ad8cd4614fe605260841ebb1f78840738f39746294a2a3b08261ea1de73100e81bc418ed72a238d5f6411ad607eb4e7d2450f5004df1b2e69000a46b438c68b139432e5489e13b59c12

C:\Users\user\Favorites\Facebook.url.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1180
Entropy (8bit):4.819743509956118
Encrypted:false
SSDEEP:24:1Eq3VrO2rPIb2ZyfV8rv1L3/dTgwFuei3uBw0T0Us8maUoXTRXi6QqY+oxUn:1E8rOKIb2ZyGZVrTBwqt0Ot0qYlxUn
MD5:19B395454B6D3939E387BB8BCC50DED5
SHA1:608D023BF4719140967566EB9C72CE4DCCBD6FC6
SHA-256:ACEDCD2050306F702DB683472DF3A2AFF571DA097094657F6097754E76674797
SHA-512:5385157657C1AF1693C15C9594B64C1EA02F7ECE9CB0703322968FF838DCE15138B7EA1C483ECE660564EDF4E948D9B0F743420B0411569CDEE53A8EEEC9E86E
Malicious:false
Preview:q4..Qc"..~......j...&..r........1..[.8..B.F.F`....f.....g..E..1I...?.}J.N.64..(...Q..Bc.ZO.fy..8,....M.....Q..<.-.>2..jv...-..)..g{:..8..2---*8+8*---4aeb81cf1e961c220fdde5002c0eb9b9ae815aad060aec460320e431df063d435ba2a7ae0b7ca549c16c535516b4c8877278775628b42a8932c62bd45f9289b711ab1d301fc1ce9ae48220117853d5bd42f84bc4499b79af8eed3921d80bfaf6e176b4fe08a1036c84e00b97786e370d67b26d125eb71c8653c998c39fa1093a5f5c078a70606232ec8e497a8469ad5997d8b23ad811bac9e1a9c0bb38efa3f5354517fe736e826f430980bdd5ae5dffb1009e87cd7e46d495cd77cc17d9e2f401eeeba3b199c7b96ba425fa2ad2d59278a59243493b036650d19e34c5e0209893213eb0d35c09dffb15e8bba76f6327dc6da1e0e6b952a026a6b598e18e6128742ae271a887c051b976a534067233b0492fa34e27a67a1ffa044c957522596d385b33e76965966d340b154cd8ca1758ed90d9b389ad8cd4614fe605260841ebb1f78840738f39746294a2a3b08261ea1de73100e81bc418ed72a238d5f6411ad607eb4e7d2450f5004df1b2e69000a46b438c68b139432e5489e13b59c12f3a20a637dcf86647eaec18550a37312512badd73525950c11b68a2202bdb0e284c075933aec04df

C:\Users\user\Favorites\Google.url.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1164
Entropy (8bit):4.753534115041325
Encrypted:false
SSDEEP:24:1Eq3VroPIb2ZyfV8rv1L3/dTgwFuei3uBw0T0Us8maUoXTRXi6QqY+oxUn:1E8ryIb2ZyGZVrTBwqt0Ot0qYlxUn
MD5:01599913EF2F1563ADF9C14921C8EC63
SHA1:361D9B1BBE994EA02B31CE01C20F99BB0056FBA6
SHA-256:02677038C512557D86B861B9157F532430DCC4D0779127B8665D8C726150CAB8
SHA-512:2D3C7A673C451BE051FB202D8C84B689B0D1516461F5F1961A20CBB6C01BF59F74610EF6A5E6A16EA412F95179CA87338CF181E91F4D2F48FB7C2285E5370A71
Malicious:false
Preview:q4..Qc"..~......j...&..r........1..[.8..B.F.F`....f.....g..E..1I...?.}J.N.64..(...Q..Bc.ZO.fy..8,....M.....V!/..#.f9:...._---*8+8*---4aeb81cf1e961c220fdde5002c0eb9b9ae815aad060aec460320e431df063d435ba2a7ae0b7ca549c16c535516b4c8877278775628b42a8932c62bd45f9289b711ab1d301fc1ce9ae48220117853d5bd42f84bc4499b79af8eed3921d80bfaf6e176b4fe08a1036c84e00b97786e370d67b26d125eb71c8653c998c39fa1093a5f5c078a70606232ec8e497a8469ad5997d8b23ad811bac9e1a9c0bb38efa3f5354517fe736e826f430980bdd5ae5dffb1009e87cd7e46d495cd77cc17d9e2f401eeeba3b199c7b96ba425fa2ad2d59278a59243493b036650d19e34c5e0209893213eb0d35c09dffb15e8bba76f6327dc6da1e0e6b952a026a6b598e18e6128742ae271a887c051b976a534067233b0492fa34e27a67a1ffa044c957522596d385b33e76965966d340b154cd8ca1758ed90d9b389ad8cd4614fe605260841ebb1f78840738f39746294a2a3b08261ea1de73100e81bc418ed72a238d5f6411ad607eb4e7d2450f5004df1b2e69000a46b438c68b139432e5489e13b59c12f3a20a637dcf86647eaec18550a37312512badd73525950c11b68a2202bdb0e284c075933aec04dfb4d6a0c09fa54c71

C:\Users\user\Favorites\Links\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1132
Entropy (8bit):4.598876891345885
Encrypted:false
SSDEEP:24:1WohKFPIb2ZyfV8rv1L3/dTgwFuei3uBw0T0Us8maUoXTRXi6QqY+oxUn:1JhKlIb2ZyGZVrTBwqt0Ot0qYlxUn
MD5:DC1150926764F4B617A037B65E8EA690
SHA1:FCD19A1C42BB1A129F36C73661434072C909B9A3
SHA-256:C68D2985EF085130438132ABA288405F89E3E41C4D54E671DA4426D5D0D997A2
SHA-512:E574B0E5DD3096735629559EAE4CA8A83DF3512554C53DEDC696A2C6EA1E78A3C8139A1CACB03B74BD1001508B279788B2626B84065BB2450620B5073F45643E
Malicious:false
Preview:q4..Qc"..~........My.O.Sprc....:..v..8+...vl..6..(.T.^..Q%......g...G..1.C+...d....A.~S---*8+8*---4aeb81cf1e961c220fdde5002c0eb9b9ae815aad060aec460320e431df063d435ba2a7ae0b7ca549c16c535516b4c8877278775628b42a8932c62bd45f9289b711ab1d301fc1ce9ae48220117853d5bd42f84bc4499b79af8eed3921d80bfaf6e176b4fe08a1036c84e00b97786e370d67b26d125eb71c8653c998c39fa1093a5f5c078a70606232ec8e497a8469ad5997d8b23ad811bac9e1a9c0bb38efa3f5354517fe736e826f430980bdd5ae5dffb1009e87cd7e46d495cd77cc17d9e2f401eeeba3b199c7b96ba425fa2ad2d59278a59243493b036650d19e34c5e0209893213eb0d35c09dffb15e8bba76f6327dc6da1e0e6b952a026a6b598e18e6128742ae271a887c051b976a534067233b0492fa34e27a67a1ffa044c957522596d385b33e76965966d340b154cd8ca1758ed90d9b389ad8cd4614fe605260841ebb1f78840738f39746294a2a3b08261ea1de73100e81bc418ed72a238d5f6411ad607eb4e7d2450f5004df1b2e69000a46b438c68b139432e5489e13b59c12f3a20a637dcf86647eaec18550a37312512badd73525950c11b68a2202bdb0e284c075933aec04dfb4d6a0c09fa54c71fd8e92acc6de72555279acf601bf2aab

C:\Users\user\Favorites\Live.url.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1164
Entropy (8bit):4.751727157485083
Encrypted:false
SSDEEP:24:1Eq3VrZcPIb2ZyfV8rv1L3/dTgwFuei3uBw0T0Us8maUoXTRXi6QqY+oxUn:1E8rZWIb2ZyGZVrTBwqt0Ot0qYlxUn
MD5:AE5DC2BBAB529F6A104E331E29A7092A
SHA1:6C1AC5AD61AA980828892955821616F3236D551D
SHA-256:069260DFFE9DC04383D4017B60077D0EA4486C2C0FDBCC21CA864ED91E762BE1
SHA-512:969735674BDBFC02BE8FE0A319448C4711A2C522D3D3D2EE90CD8F290C45A31C8F41ADFCAF815A74E54AD7687EB2F6DD0FA185E6B49AC56E960906251447AD90
Malicious:false
Preview:q4..Qc"..~......j...&..r........1..[.8..B.F.F`....f.....g..E..1I...?.}J.N.64..(...Q..Bc.ZO.fy..8,....M.....I...R..5.hs.NtM---*8+8*---4aeb81cf1e961c220fdde5002c0eb9b9ae815aad060aec460320e431df063d435ba2a7ae0b7ca549c16c535516b4c8877278775628b42a8932c62bd45f9289b711ab1d301fc1ce9ae48220117853d5bd42f84bc4499b79af8eed3921d80bfaf6e176b4fe08a1036c84e00b97786e370d67b26d125eb71c8653c998c39fa1093a5f5c078a70606232ec8e497a8469ad5997d8b23ad811bac9e1a9c0bb38efa3f5354517fe736e826f430980bdd5ae5dffb1009e87cd7e46d495cd77cc17d9e2f401eeeba3b199c7b96ba425fa2ad2d59278a59243493b036650d19e34c5e0209893213eb0d35c09dffb15e8bba76f6327dc6da1e0e6b952a026a6b598e18e6128742ae271a887c051b976a534067233b0492fa34e27a67a1ffa044c957522596d385b33e76965966d340b154cd8ca1758ed90d9b389ad8cd4614fe605260841ebb1f78840738f39746294a2a3b08261ea1de73100e81bc418ed72a238d5f6411ad607eb4e7d2450f5004df1b2e69000a46b438c68b139432e5489e13b59c12f3a20a637dcf86647eaec18550a37312512badd73525950c11b68a2202bdb0e284c075933aec04dfb4d6a0c09fa54c71

C:\Users\user\Favorites\NYTimes.url.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1164
Entropy (8bit):4.750120850654282
Encrypted:false
SSDEEP:24:1Eq3Vr+4aPIb2ZyfV8rv1L3/dTgwFuei3uBw0T0Us8maUoXTRXi6QqY+oxUn:1E8rnMIb2ZyGZVrTBwqt0Ot0qYlxUn
MD5:0833A8E25E349B4DFE9735D91DB07EA1
SHA1:DB9DC58F884B3CBF4019DF84A0B06562AA70C177
SHA-256:CD89C56D5D38A97B8597645B0758E3C92721B376DBAD40D057B7242AB50A1A44
SHA-512:A56A21EB90189C675116B9F74EBC09F825D7021AE0BEDF26685B72AC9DB820C68EFDFB52C428D0E218425A045A261E48B9353F4F5953BEB7D2F973587AFBD85B
Malicious:false
Preview:q4..Qc"..~......j...&..r........1..[.8..B.F.F`....f.....g..E..1I...?.}J.N.64..(...Q..Bc.ZO.fy..8,....M..........R...ze..---*8+8*---4aeb81cf1e961c220fdde5002c0eb9b9ae815aad060aec460320e431df063d435ba2a7ae0b7ca549c16c535516b4c8877278775628b42a8932c62bd45f9289b711ab1d301fc1ce9ae48220117853d5bd42f84bc4499b79af8eed3921d80bfaf6e176b4fe08a1036c84e00b97786e370d67b26d125eb71c8653c998c39fa1093a5f5c078a70606232ec8e497a8469ad5997d8b23ad811bac9e1a9c0bb38efa3f5354517fe736e826f430980bdd5ae5dffb1009e87cd7e46d495cd77cc17d9e2f401eeeba3b199c7b96ba425fa2ad2d59278a59243493b036650d19e34c5e0209893213eb0d35c09dffb15e8bba76f6327dc6da1e0e6b952a026a6b598e18e6128742ae271a887c051b976a534067233b0492fa34e27a67a1ffa044c957522596d385b33e76965966d340b154cd8ca1758ed90d9b389ad8cd4614fe605260841ebb1f78840738f39746294a2a3b08261ea1de73100e81bc418ed72a238d5f6411ad607eb4e7d2450f5004df1b2e69000a46b438c68b139432e5489e13b59c12f3a20a637dcf86647eaec18550a37312512badd73525950c11b68a2202bdb0e284c075933aec04dfb4d6a0c09fa54c71

C:\Users\user\Favorites\Reddit.url.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1164
Entropy (8bit):4.7397561034008575
Encrypted:false
SSDEEP:24:1Eq3Vr6PIb2ZyfV8rv1L3/dTgwFuei3uBw0T0Us8maUoXTRXi6QqY+oxUn:1E8rsIb2ZyGZVrTBwqt0Ot0qYlxUn
MD5:759F19E511F012B0768C1CB4D2A20D66
SHA1:1A4A5369336D64F418A2D7F5E11DA7DB3D83DB6E
SHA-256:1716E1E52A4697794BD1E3B7387D8CA42F0C3AC95EF70329DCEF74D902844561
SHA-512:B0CDF897D901D133A8B2157CB931182B33F87A176161AE1C5D7AA0EF283EE494CB3F64FA234EC94EAADA5FBCADA3C94304D779B03A805C5ACF70751DE038A84D
Malicious:false
Preview:q4..Qc"..~......j...&..r........1..[.8..B.F.F`....f.....g..E..1I...?.}J.N.64..(...Q..Bc.ZO.fy..8,....M.....L..7f`ID.....8.---*8+8*---4aeb81cf1e961c220fdde5002c0eb9b9ae815aad060aec460320e431df063d435ba2a7ae0b7ca549c16c535516b4c8877278775628b42a8932c62bd45f9289b711ab1d301fc1ce9ae48220117853d5bd42f84bc4499b79af8eed3921d80bfaf6e176b4fe08a1036c84e00b97786e370d67b26d125eb71c8653c998c39fa1093a5f5c078a70606232ec8e497a8469ad5997d8b23ad811bac9e1a9c0bb38efa3f5354517fe736e826f430980bdd5ae5dffb1009e87cd7e46d495cd77cc17d9e2f401eeeba3b199c7b96ba425fa2ad2d59278a59243493b036650d19e34c5e0209893213eb0d35c09dffb15e8bba76f6327dc6da1e0e6b952a026a6b598e18e6128742ae271a887c051b976a534067233b0492fa34e27a67a1ffa044c957522596d385b33e76965966d340b154cd8ca1758ed90d9b389ad8cd4614fe605260841ebb1f78840738f39746294a2a3b08261ea1de73100e81bc418ed72a238d5f6411ad607eb4e7d2450f5004df1b2e69000a46b438c68b139432e5489e13b59c12f3a20a637dcf86647eaec18550a37312512badd73525950c11b68a2202bdb0e284c075933aec04dfb4d6a0c09fa54c71

C:\Users\user\Favorites\Twitter.url.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1164
Entropy (8bit):4.7503777210329625
Encrypted:false
SSDEEP:24:1Eq3VrQ+hrPIb2ZyfV8rv1L3/dTgwFuei3uBw0T0Us8maUoXTRXi6QqY+oxUn:1E8rQQIb2ZyGZVrTBwqt0Ot0qYlxUn
MD5:C744059BD9ECEAD079B4C05DEE35178E
SHA1:45C8B064B02A28FCFB5A86F53C147B6D6080CCC1
SHA-256:F7D54AD277CB6B1FCF841538B2C1295CB72FFCE41F9E1FA22483E382189AB128
SHA-512:44D2612A9DED75ABD03C005FF7096C71C69EFA8BEF71308ADD172751DD6F2DB85B5C32D4F4ABC0F38FE2944244ACAF1070CFE26FDFB7B93303CFB0D8578FA8AE
Malicious:false
Preview:q4..Qc"..~......j...&..r........1..[.8..B.F.F`....f.....g..E..1I...?.}J.N.64..(...Q..Bc.ZO.fy..8,....M.....'.L...j.k.E....2---*8+8*---4aeb81cf1e961c220fdde5002c0eb9b9ae815aad060aec460320e431df063d435ba2a7ae0b7ca549c16c535516b4c8877278775628b42a8932c62bd45f9289b711ab1d301fc1ce9ae48220117853d5bd42f84bc4499b79af8eed3921d80bfaf6e176b4fe08a1036c84e00b97786e370d67b26d125eb71c8653c998c39fa1093a5f5c078a70606232ec8e497a8469ad5997d8b23ad811bac9e1a9c0bb38efa3f5354517fe736e826f430980bdd5ae5dffb1009e87cd7e46d495cd77cc17d9e2f401eeeba3b199c7b96ba425fa2ad2d59278a59243493b036650d19e34c5e0209893213eb0d35c09dffb15e8bba76f6327dc6da1e0e6b952a026a6b598e18e6128742ae271a887c051b976a534067233b0492fa34e27a67a1ffa044c957522596d385b33e76965966d340b154cd8ca1758ed90d9b389ad8cd4614fe605260841ebb1f78840738f39746294a2a3b08261ea1de73100e81bc418ed72a238d5f6411ad607eb4e7d2450f5004df1b2e69000a46b438c68b139432e5489e13b59c12f3a20a637dcf86647eaec18550a37312512badd73525950c11b68a2202bdb0e284c075933aec04dfb4d6a0c09fa54c71

C:\Users\user\Favorites\Wikipedia.url.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1179
Entropy (8bit):4.8605568833349055
Encrypted:false
SSDEEP:24:FFvXK9GTKJ0R5zdc6kE0ihkDVSCmE6/zkUrUvWCSgzGNtXOcdeZaeKhftMSMZq:FZWGg0RrkEfC96/bzNtXOBHOftWq
MD5:A2DDD75216151547476C53A438243649
SHA1:382CFE6BD1EA3D51D91E12AC23E4163B86E05AEA
SHA-256:D5789743E145EDA7149D18F711700364BE799C7415F588EB41B32A14E7A12F3B
SHA-512:F840CFEC2ADFFCA044FB9935E6C89BE25FC2E1A505F014D504FCCA6F23763017883824B070364D35967112C01D491A957136EB909B8D6BB73AB63F2E35FBE7B3
Malicious:false
Preview:t.6...Ww.aN.H~.U.Y]......_K...g\K..(..t.bDYR.p.....f.'..\/.G.H....%......|..../.(.%.o....H....D_.!;...?.UC5.. .#.....B."..#.1.B...,D."....W---*8+8*---c35d04aafbdfa36bcea0b27ee25fc16a6abf16f3692cc2056b896c01b7fa53aed10785f5e456c2fbd2d26ca146a725b0b4d439711fa77ba50c318d91f14d3a99b8b181766397dcc35fa53494e7f34a22d316d441867a43a88f4ba5066aeaf2e614f639b2ffe451f1f35ac804c1e853ed50ccb152ac11e4a36065be3faf4926980e6590f625b4d1d1ed3ea8eb59158a8093fc458fd0cc676a68698283c6c2d832e32ecf1ef8ab099a8ac8809a128615359f8135491feb70b7d6de2d2fef1dc5703822582f97049c3fd713becdee5792114667b6b279a76e0ab6ac397f91dadd44bf5f3e55d95837d9e9f38aa8bb2b3c8444f3b24ceb606f1322d036742e6d1b2c92944ed24de1e35f65911a4dfdc62e292a92420830f9b085fef0b81ca796046cd223645abb63f2c1d171624fe7b5d48731e64ebfa3cef8c6928300c1474ec33bc0f44bdcbdd36468ecbcdd3137c96c65df198f05afe57ce22e5d2918b6a94fa001f44f0b591d405c0c30234346839157c8c8a1122852516f84f0f26e284dea36b17a256ffdd33cbb3d59088cc6a589ca91b0c2d353fe04dc17cfdd101a1f03116852d51910957

C:\Users\user\Favorites\Youtube.url.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1163
Entropy (8bit):4.793559253765249
Encrypted:false
SSDEEP:24:FFvlcKJ0R5zdc6kE0ihkDVSCmE6/zkUrUvWCSgzGNtXOcdeZaeKhftMSMZq:FZ30RrkEfC96/bzNtXOBHOftWq
MD5:C40BDC4BB53CFD0F8466E74BDCFFD9EB
SHA1:18B31B6AAB7CD0E908CEDCDAA425B37CFD01BDBB
SHA-256:5B27DB8A99CFEFA9B45D9A3B7B387029DCF7D1C99C00AC59ED51DCD18C20B5B5
SHA-512:95EC9686D912A05F5F879E9365AE1E68A2488445CBB4A9F2106C534B1031DD2B5553E90D96FBF08C72DE6CCF421EB8486AF136407F738699D3E26FB37616AACD
Malicious:false
Preview:t.6...Ww.aN.H~.U.Y]......_K...g\K..(..t.bDYR.p.....f.'..\/.G.H....%......|..../.(.%.o....H....D_.!;...?.UC5....,%F)`M......---*8+8*---c35d04aafbdfa36bcea0b27ee25fc16a6abf16f3692cc2056b896c01b7fa53aed10785f5e456c2fbd2d26ca146a725b0b4d439711fa77ba50c318d91f14d3a99b8b181766397dcc35fa53494e7f34a22d316d441867a43a88f4ba5066aeaf2e614f639b2ffe451f1f35ac804c1e853ed50ccb152ac11e4a36065be3faf4926980e6590f625b4d1d1ed3ea8eb59158a8093fc458fd0cc676a68698283c6c2d832e32ecf1ef8ab099a8ac8809a128615359f8135491feb70b7d6de2d2fef1dc5703822582f97049c3fd713becdee5792114667b6b279a76e0ab6ac397f91dadd44bf5f3e55d95837d9e9f38aa8bb2b3c8444f3b24ceb606f1322d036742e6d1b2c92944ed24de1e35f65911a4dfdc62e292a92420830f9b085fef0b81ca796046cd223645abb63f2c1d171624fe7b5d48731e64ebfa3cef8c6928300c1474ec33bc0f44bdcbdd36468ecbcdd3137c96c65df198f05afe57ce22e5d2918b6a94fa001f44f0b591d405c0c30234346839157c8c8a1122852516f84f0f26e284dea36b17a256ffdd33cbb3d59088cc6a589ca91b0c2d353fe04dc17cfdd101a1f03116852d5191095774b7c01ef8343dc6

C:\Users\user\Favorites\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1468
Entropy (8bit):5.79142768069456
Encrypted:false
SSDEEP:24:1a4sAaRL9TrC9hWx7O0PIb2ZyfV8rv1L3/dTgwFuei3uBw0T0Us8maUoXTRXi6Qg:1ZIa6x7OOIb2ZyGZVrTBwqt0Ot0qYlxU
MD5:014DA8FFD17346FBD00EA068BC597EC6
SHA1:0F968738DD86041890899FE68E6F1773B419B3FD
SHA-256:CFF3E7456F199E2E305DCEA5722715C035D05D7833AF3F823B459E091E3E2601
SHA-512:DBD28C3E76331965D730F70FD36F145EFBE04D62A505706AC66047C46031785800C981D9A1FF25BB31AA992EE1164D4D0866A13B72ABBA4CE3AD31F0D5250986
Malicious:false
Preview:q4..Qc"..~......_. &`..PU.....@...([..0]Ll..X>../..*+e.K@..J{.|v.m....]oc&.....7<.&*7=....@...X8..l.CO<\...c...5D'..!...syy}......0.........7.P.c..g.I.......X...IK.O.S......E.h@z....pY.....5.'...h...S4.O....R.HJ..~..#fg.B.$.q%...A.........."...Q......3...b..97..*4:&..A/8u...@a\....A.J....._JA.\.......T.....v b..L......cX..0/.S.......l.c$..35sPi..&..A....{..nO....h.<%...3.J.K?.-.b....h....4...V.K@.Z..,.l.---*8+8*---4aeb81cf1e961c220fdde5002c0eb9b9ae815aad060aec460320e431df063d435ba2a7ae0b7ca549c16c535516b4c8877278775628b42a8932c62bd45f9289b711ab1d301fc1ce9ae48220117853d5bd42f84bc4499b79af8eed3921d80bfaf6e176b4fe08a1036c84e00b97786e370d67b26d125eb71c8653c998c39fa1093a5f5c078a70606232ec8e497a8469ad5997d8b23ad811bac9e1a9c0bb38efa3f5354517fe736e826f430980bdd5ae5dffb1009e87cd7e46d495cd77cc17d9e2f401eeeba3b199c7b96ba425fa2ad2d59278a59243493b036650d19e34c5e0209893213eb0d35c09dffb15e8bba76f6327dc6da1e0e6b952a026a6b598e18e6128742ae271a887c051b976a534067233b0492fa34e27a67

C:\Users\user\Links\Desktop.lnk.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1547
Entropy (8bit):5.994558191942854
Encrypted:false
SSDEEP:48:1JlstsgMwiDx/rA0RrkEfC96/bzNtXOBHOftWq:RsO3hkEh/3NlO0VWq
MD5:FB99AC376C62EAA4331D99A0F4F2C3F4
SHA1:6E2759CC299EB229E2E525D091D48AC874376BA6
SHA-256:ACFAE6983B3AA36D5CCDA359779DFB6D90EB9D3CA7F0134222419CF08EEEFF6E
SHA-512:D7095DD8CA897016746C4531CBB62E5C2E6AF0140D222E0FC7DB0EEE8DD7DA174904356036717D82E02B8F10CC5FD73A35AB41B97428FC3D3767657A7262A98E
Malicious:false
Preview:t.6...Ww.aN.H~.U.y?...........{...C....G.....3.5..O..:..`ja.Zi....g.DV>;.?*.X._<.....XF...;zV.s..s.............e..q0dc<6..j...5..6.i.......bynd..p@o{.Hof.>d..@cl4.k.f...%su......O...+.E@.w3...csh.@..'.%@...T...uVCgF7.8f,}HRZL....l.d./..o....pr!.%....D..."co..-[.....O..k...2.....n............k......z..4|..&.oM....5.{>..`+.m........{,..@{2L./}.H..\..M..F..NK7%..Eg.cSj.Q.Q...E..`9b.....Np.@......{. ..^J7..l..../..u....L./.H.1{....N.X..h......mG..Y..X..]F.;...-..n.l..#.7\...c.>....J---*8+8*---c35d04aafbdfa36bcea0b27ee25fc16a6abf16f3692cc2056b896c01b7fa53aed10785f5e456c2fbd2d26ca146a725b0b4d439711fa77ba50c318d91f14d3a99b8b181766397dcc35fa53494e7f34a22d316d441867a43a88f4ba5066aeaf2e614f639b2ffe451f1f35ac804c1e853ed50ccb152ac11e4a36065be3faf4926980e6590f625b4d1d1ed3ea8eb59158a8093fc458fd0cc676a68698283c6c2d832e32ecf1ef8ab099a8ac8809a128615359f8135491feb70b7d6de2d2fef1dc5703822582f97049c3fd713becdee5792114667b6b279a76e0ab6ac397f91dadd44bf5f3e55d95837d9e9f38aa8bb2b3

C:\Users\user\Links\Downloads.lnk.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1995
Entropy (8bit):6.675467077151765
Encrypted:false
SSDEEP:48:1JD/c4Hm/Ph8T+kIzH7LAT0RrkEfC96/bzNtXOBHOftWq:vG/p8akIrkEh/3NlO0VWq
MD5:225D6641B34C79BBC1778C4C315FF671
SHA1:D591CE13A0D1E9AF3D40130146416412FB62BB61
SHA-256:526DEC60E14843B508BB92A6DF577A261953DA7A55F61879B8FF2A41CC60E4D8
SHA-512:2CDE6641227F80B173BC8E58F250F874653B51FBF89E95C30A65D058B0902D1A59E28DBEF0A167731AAE4E5B1A718438C1FAE641C5D19048426B7826AFB9A707
Malicious:false
Preview:t.6...Ww.aN.H~.U.y?...........{..Z.M%~.T,j..!.ji..W~..w.D.e...........8...`..........*T,.W=...i-].:.^.....H...xL..48.T.bK.s.a..<.J.`v..u#...2...[pT. M./A....9f........K.~...X...~..DN..n4T ....f...d%..'..Ro...Z...mg..R].p..M........WG..b......Pb...t.X..Z....<I....'.~5Bv...P.*.Q....kF..... .n.,JC......y....vtS...,....JR6..#.Wa...9*e..wt.o/&...O..:...{....:...aS.(.0d.....T..Y...v&L......%O&........H1.dP..7.f..|..S.7,.+..m5...v.O"..DI.c.\j.U:<a.s,!...?.....@E.l..k.K`..s.v...H..#}hU...d4....Hz/.}m.|.X...C.t.fx.....{l$O..E{........X......C..Ni...|.o..^9.0..xNK$XDg..<&.^].+L.%.<...vyn...`.?.%X.iT.$....m..1.)..).dH*.I.8.f..6>..MwS.x].N.....`j.ror.[.8U.M5r.hi?...y.N..G.....X.c.....hj.+Ao..b]......T~_M-X..L.).6.XpP .......;.N.395`.b.[.$....K.....x....`=^+..3.:Q..|wS}.fUkXy....<.T)/.r;........Dl..g....i{._..U.!.....7|\..}"..[.1PI.J..........o=.y......_?.b*...<...z .N.)..)]....xR...i.....\c..{wM,..h...w)0....=.:...k..---*8+8*---c35d04aafbdfa36bcea0b27ee25fc

C:\Users\user\Links\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1563
Entropy (8bit):6.038684509413556
Encrypted:false
SSDEEP:48:F9LvnK1kp5h8ru6i0RrkEfC96/bzNtXOBHOftWq:PLi1Y5h8r1TkEh/3NlO0VWq
MD5:4E0BA7210391DCB02A71CE2A6F0C10DA
SHA1:8092BFDBA86A32082AC271D2707DAA84D2AB48A9
SHA-256:0C49F8C3D7D42C9549FDABB313E71BB8B7450297BBE18D720B05F6490CEFA1E1
SHA-512:1B4993EEFE4B2D630740C5260B380F37CFA4B158850A49BABE51C06BC9E5AB4AFFBC3D883D0EC63ACBBF953BABE290E56483D8A81E06A5448625C577297AE446
Malicious:false
Preview:t.6...Ww.aN.H~.U9.1.I.W[U......N~....~Ps.}.L!..;$...Yo.x..{.....!...TH...y......D.O*(...........r..........V!.O.~.HL...b.'...W.......w....hx....Z..!.@p....Rr.>.w9.N...E.....K8.{....N......;>z..>.=. .j.N7....^.MV.l...&.ra.4.~D.Z........!...DK.t..B.~.6..............i...Y.......<|f.q.><.K........../....e.-....j..'..("D.m..g..f`......t....0J...y8.G.cy@n.yM-01....R......Y#.}q.w..(....3.......}w..p....jR;~.F....5..f.7)1..m.1z..2D..u.xh7..M..Mp.....u@....H,......l%.K`Y..Ft........m.IJe..Y..wi.n..---*8+8*---c35d04aafbdfa36bcea0b27ee25fc16a6abf16f3692cc2056b896c01b7fa53aed10785f5e456c2fbd2d26ca146a725b0b4d439711fa77ba50c318d91f14d3a99b8b181766397dcc35fa53494e7f34a22d316d441867a43a88f4ba5066aeaf2e614f639b2ffe451f1f35ac804c1e853ed50ccb152ac11e4a36065be3faf4926980e6590f625b4d1d1ed3ea8eb59158a8093fc458fd0cc676a68698283c6c2d832e32ecf1ef8ab099a8ac8809a128615359f8135491feb70b7d6de2d2fef1dc5703822582f97049c3fd713becdee5792114667b6b279a76e0ab6ac397f91dadd44bf5f3e55d9583

C:\Users\user\Music\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1563
Entropy (8bit):6.044650887296566
Encrypted:false
SSDEEP:48:F9LvnKIjPOvFD3pK0RrkEfC96/bzNtXOBHOftWq:PLiAPOvbbkEh/3NlO0VWq
MD5:B21F289110005CC2B794EAA3C89F8931
SHA1:72F22DB6483684C5526687E4F83CEE7B29CF8F9F
SHA-256:E9A9ECD0F63CFF9C3720F5DEE330E94EEBACD6B2A4F578D974F4358A9294A662
SHA-512:5BCD8930493DC29EFF24E13BDD996AEF6FA2B2FD0155D360C38994766A24C03A53C1DB552F2E1E0771D9A78ADE218783CBF20BBD845A1B2E269D58E3B1E94A34
Malicious:false
Preview:t.6...Ww.aN.H~.U9.1.I.W[U......N~....~Ps.}.L!..;$...Yo.x..{.....!...TH...y......D.O*(...........r..........V!.O.~.HL...b.'...W.......w....hx....Z..!.@p....Rr.>.w9.N..S..............t..k.4......~.;..J.W.z+}..........wBi....U^@2=.M..I~,.w\b..'|.8...F..pN..S[..=x^6....@....24nUH..a...z.D.^...&?..j....V..\.yF]..?k..~..e.hVI...|....O.v......kr.N..,.4...Y....k.i.{jk;.L..L.{..l.._d....v..~y&..m..^[..p...`j ..b.I....t..$.qI7.......].>....)nN...sg..(+U L.G....O.>z.~...5.........1..k..A......Z.]..7;.---*8+8*---c35d04aafbdfa36bcea0b27ee25fc16a6abf16f3692cc2056b896c01b7fa53aed10785f5e456c2fbd2d26ca146a725b0b4d439711fa77ba50c318d91f14d3a99b8b181766397dcc35fa53494e7f34a22d316d441867a43a88f4ba5066aeaf2e614f639b2ffe451f1f35ac804c1e853ed50ccb152ac11e4a36065be3faf4926980e6590f625b4d1d1ed3ea8eb59158a8093fc458fd0cc676a68698283c6c2d832e32ecf1ef8ab099a8ac8809a128615359f8135491feb70b7d6de2d2fef1dc5703822582f97049c3fd713becdee5792114667b6b279a76e0ab6ac397f91dadd44bf5f3e55d9583

C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):66588
Entropy (8bit):1.6665331938944867
Encrypted:false
SSDEEP:192:dT+p+rSnw7iF6f1RUx4nQN/WzEV9B6f3RUx4Pw8DKNFBzJj89tsAyEcT/:h+UrSGiIfDVQN/6nfhxw8eNFvUJyE8
MD5:B12B1E313651751C58B70711A7A21A1F
SHA1:DCB8E2A8D354ED6E96BCFDDC79F9BEA1CA88BDE2
SHA-256:8FF791381871343DE8BE0FE985B6DF981CFF3794015BDE6C9B427ED10E806190
SHA-512:C67DE78E9E3E7394B930FEF718D27F10B8BB3B53420CE022FE3B51A19BBFFD411E0DDF6448623E0C327B6B1C6E5FCB445DED8305B4AACBB524A4F5CAB04BB66D
Malicious:false
Preview:..3.N...e....7A.I...].^..Ne7..-.c5....,g..........!.......{.#(u..G.:.Z...N...;e..m...Q...P/...*#.....E(.AE..f....."."_.:.......W&.l....~.....U..5....z-.F=..f?...|)R...t...m.. ....L4m.)r........K.<!.....'3..)^4.....,...i{0.b+.<2Dq..)E....K. `.#,...(....V9.0._D.-.NM.R0\T.:..Def...G/{C3.....e..wF|2/uI..p.=mR.I.......u ..xI..$?.~.>....ki.p./....N...f.Cn.@4..Z.t.*)?iL$.T............5|=.K..X..f. .g8.?*..V..a.- ..o.32...0O.>D..E..;.4<XFB.0A......~.z..#r...M.9R.jP...]w......*4.2.....2g.-c[G...|...........i.<... .5%7..,Q4.....v=l........{l.<..t".cZ..%.o.@.*.P.7..>...I._E.M.C-.5.73D]J.....j....k.6.....k.m5P..F..6.O.)..T#..}.c...#..+(.....Md.P]#Q.u.w...d..S..TFd..,.r...KS..F..p..TQ..z...y..Sv...<...t.....F.2.........8..M..;.$...N.w.yW.-.L..dNT.Cy.x.f.W..PZ.|..O.E....ny....|..p.Mb.{..G..a..t.l..T(d ...?.....f..e#i..7...mr.J....r6..36.Y..t.f.F.DYF.3.En./..J. @.x.I...S..|..oG.=..........(h.n"I.+.W..0..q:.1.p.Es{F.=...O.\.q...2f....!....//...h....

C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):525340
Entropy (8bit):1.3009464704714786
Encrypted:false
SSDEEP:1536:3RhemNXzejkflpO9DAPKiAfLErhPjWDaRPOCEIomJt:3RheeC+dPXAYr40POCAmJt
MD5:4F8AD716ED6EF5AC85F7A6188036DA12
SHA1:B6F9EE1994C5869FE872A107EA73812006776BF4
SHA-256:E09D631621F933EF72E62DC9738ABA726C7B7224E9A47B97ADD596377126F065
SHA-512:E9B08F3BB6AC497AE7ED06CF2A9B12A35FF4D0960CA99F222225C07AEF0E1BA80A4E082D3C17A603920EFAA6EBE44B3D989D57490F7F98B7F90492993074468D
Malicious:false
Preview:..A..F.-.I..u...{...(..@q.6%...hC....><.l.......B..po......p.i&.-..".B.VK..a.h+..9. H<...A..%.;.#..$N..TN.@....Or.8.6..tyx......EG.C.]...;.M..l/..T.b#.....6.c*...|.....m8.Ou].?......:D.[I`=...h<.g.W. ..5.ZWK|."..u.......Z....\..k..!d.U..Z..:.1.}.:...5..u.\(t$.*.*.<q..>.)3.}..?.;......^.zQ.$a.....J.GH.hPE."=....Za$..gO.y>".|......(.t.._8<......w.J.x.............8..]....L/...4..Au.^y<..!..UJ....#4.........g..Rk..b...%.v.Gw.MV..3!A.M.=c...1v<."@.Y..F.\h<.\~{.....Q..........|M.OU....^h..vt...Z.+.U)(....{..`....St&.....5.vo.%...i.S.........e.U.......9...@.z.t.1FC..W...^i.!....> +./..V.Y.f....E.g....r)@^.m....~"..`Q. .C..{.5.....?.....3.T........W_v.`...}A.B.I.J.Nel.............%>.;...2.........pI.o..X.S..../.4_.k......5PY..lFw..Q...BR_.5..K.....\L...c.B.i....g.2...2C..j.7.0.%.V.U...O.v..Jf."&.),\D.K."!o..$..K.Z......e..|A..vEh....k.....I.E..e..II3....a...).{;R.....X.........{.ZM.r>I.f..ij.zU.r.7.Lv..;.....Q,*..E{...fu.."...l..woB.6>.3yZ.<.7bq.L.....s...J

C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:OpenPGP Secret Key
Category:dropped
Size (bytes):525340
Entropy (8bit):1.300247246465576
Encrypted:false
SSDEEP:1536:wsFX8jdrHLav+BIHYf0mvIHoWuQ7I682iFxpY:fOdrHevg9wHoW3868S
MD5:68B94D31AF537F1DDEF2783E73B46C3C
SHA1:5C81DEAE2232A055062FA1B1EC544DA208DE997E
SHA-256:2489721888A625AD4C076846AA68F5DB4F8F9458439E9DC569E839887151B963
SHA-512:73200F27C8B601C2EC0F419E6BFB226D6FCA17FF937C938EB67E37D2767A2E45E8FA21394A035557DF3487F5D249416AEED6C606E5297B269582151E6EF498AB
Malicious:false
Preview:..A..F.-.I..u../o.4'.9D...}......-..T.E.....l....:..E..\;.....;g .....z+.\..4...v.<5[qfs..5..4Q..H..........@.c]i)..U...DFp......(lLe....<f).q.k@.K....t_.M...L./..q.l.@...v....Q..."...]v(.(..4%.~..i..u\.....2.....z...G...YX..zc...7......T..\}.k. !.....md."....z.aO..S@...&....2....(..t.]...E(W..p..)..>.?..DQ.....ni|.c.`n...2u.*."".|..C........N.T._....:..~y ..3W3.R#.Y.%.D...i]V.\..*.e........a.L..s}.w''a...^./......,Y....zC..y.s....+....i.8[.#..7..E...V..sO......Vo.".j>I.d.p%h2..h..._....{..*.....b........Q..V....R...Q..gu.Y..g&V.tS.:s.......j.s['.|.n........n>..'X....(.g...EO....6Sk..p#=....'..0..'_ex...v...g..?.j....~;...._.x...E,.s......3..Q.#*.n..z.......dI...C[.J..$gl...h....%.L...Ew.|.L.4....h.H.mo....].|...!|.f....S.X....1:...RT..9X...:....x..^F.x.."Y8W.rx?..h{]........!...mQ<.....\M...2..'>n...Z...<.@.X......wP.-C.`.f.v..?. N.....y.{.b.[..~m.T....o..O...)D.jL.._..G. \U....:.A.."a...b.r-..b.N....Lb&.1a....".....z.9.v. .F._.K.

C:\Users\user\OneDrive\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1148
Entropy (8bit):4.652912681113287
Encrypted:false
SSDEEP:24:MeNNisQHOIRvWOUbatNiMdLaj2flWb3xnV5UdfgyxFBmayn:MeLChRe78d+2NWb3NwfgynA
MD5:60C9F8CF9500F303D89BFD202F643CC8
SHA1:53AADA153900B4897A3693E6A6166D2D853E57E2
SHA-256:C2E9C0D49070F6B55CEFD134D2E2D74C9105A0CACEE09E3623D4A3862B87A8CF
SHA-512:F5B20BB45CBA60526F7DD26C325C35E8A091BBA35C0A8200127644F46399D6B7DFC827E746927F995412B525B27CC763B30DA5F1EF3AD036689B83C1F68C1655
Malicious:false
Preview:w.D.70...E.8...S.Oh....].;....b..yG%..*....3.:..N.....0@....?..b5.zZ.p.r...w =.8.R..g....9X.f.00....=....4.---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113870b8d3c1bbd1d784770978b56261bd0119a01ed630d3565e6687e126b4b9204d2134f2dbcbbf098a0f629da99ddf4ad2a5db37e45608645467799c3a1f424cf2b75c697293a3b7a08ecb3653e61f7a178851290e767896a70c82c821d766c2e9ae3375239602ef3231ab6211a7c36932fe349da10c87fc82129a90f9b9a79792b85ff5d56e206d9ea86801c8a2aec335e6b627510a52303bc962c296fa761de01bae47526bea922fe036001c51e7d329212f3686c0829d89153a059a81601d088b2c31fc091cde4205bb3d9b1931d10

C:\Users\user\Pictures\Camera Roll\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1244
Entropy (8bit):5.108340084692013
Encrypted:false
SSDEEP:24:4BMH/GILGrFW9m376sQHOIRvWOUbatNiMdLaj2flWb3xnV5UdfgyxFBmayn:4BcGILGchRe78d+2NWb3NwfgynA
MD5:19A9B66DB6A779587C51561DE53DE4EE
SHA1:87D4C675239C6060D4CA0B7FFCB77EA5A56378D6
SHA-256:04EAB7639723752EBD04390A07C590619062C1E2773FBE258D238D6774AD47EB
SHA-512:06D446206528EB9718BD104F56183B86886D3052DD1662F22F35DDA09F6998F65501B8F862D11CA2998009DE440A28D12364338413839F38194A14CE15E4C7E3
Malicious:false
Preview:w.D.70...E.8...S?..T-......J....2.W...`]#..X?.a..Y?U.e. ..F$J?.y..h.p..j.H.C. .>..7;YN.......M!.%P.l... ..........A......r.'.i.N....$...aj.V.$*..;....k...~,3|(..b%.e.s.....1.\....2V.;5...w..#u...n zQ..d---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113870b8d3c1bbd1d784770978b56261bd0119a01ed630d3565e6687e126b4b9204d2134f2dbcbbf098a0f629da99ddf4ad2a5db37e45608645467799c3a1f424cf2b75c697293a3b7a08ecb3653e61f7a178851290e767896a70c82c821d766c2e9ae3375239602ef3231ab6211a7c36932fe349da10c87fc82129a90f9b9a79792b85ff5d56e206d9ea86801c8a2aec335e6b627510a52303bc962c296fa761de

C:\Users\user\Pictures\Saved Pictures\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1244
Entropy (8bit):5.103685453781392
Encrypted:false
SSDEEP:24:4BMH/GILGrFW9mWKsQHOIRvWOUbatNiMdLaj2flWb3xnV5UdfgyxFBmayn:4BcGILGwKhRe78d+2NWb3NwfgynA
MD5:6CCC89189A78C420705AE58B3E7EB5DF
SHA1:C7D44677F8B16F7BC73B46670C6FE21657ACD58E
SHA-256:6E32CF9D6E787E4302B231C55A5DA86E2A1DC90E95474804DACFE9D6A7681886
SHA-512:56D78D09AB38D45ECF2066D01DDDC6B7496B8211D2ACF0AD8E97F3568853A299428CD79218458A5340E5A7B03B2FA686E661B1DAA348C67AFAB732ED463E11F2
Malicious:false
Preview:w.D.70...E.8...S?..T-......J....2.W...`]#..X?.a..Y?U.e. ..F$J?.y..h.p..j.H.C. .>..7;YN.......M!.%P.l... ..........A......r.'.i.N....$...aj.V.$*..;....k...~,3|(..b%.e.s.....1.\....2V.;5.......^.\-E..{.]..---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113870b8d3c1bbd1d784770978b56261bd0119a01ed630d3565e6687e126b4b9204d2134f2dbcbbf098a0f629da99ddf4ad2a5db37e45608645467799c3a1f424cf2b75c697293a3b7a08ecb3653e61f7a178851290e767896a70c82c821d766c2e9ae3375239602ef3231ab6211a7c36932fe349da10c87fc82129a90f9b9a79792b85ff5d56e206d9ea86801c8a2aec335e6b627510a52303bc962c296fa761de

C:\Users\user\Pictures\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1564
Entropy (8bit):6.065885860048466
Encrypted:false
SSDEEP:48:4BcGILGAt4h10eYhRe78d+2NWb3NwfgynA:aMdt4kxfNWhwfgyA
MD5:764EB0E5BF5C9F03A285B745FB29AF11
SHA1:BD7DC8C68A5BAA9910FB6DC0E8A3D791D9B154A1
SHA-256:B6FC3EF5A6DCCA87FD9045B9C902460F297A278635DEA24C33E4AAF4F8F30925
SHA-512:D0E255A3AD85523B4F04DA76866FA2B4E37F3846A098DE69A629E5DA8544DE6251111C9B8E7FA8B6B4014D1434B1836D3968EAB762BC0B9B425EEC97E84FD511
Malicious:false
Preview:w.D.70...E.8...S?..T-......J....2.W...`]#..X?.a..Y?U.e. ..F$J?.y..h.p..j.H.C. .>..7;YN.......M!.%P.l... ..........A......r.'.i.N....$...aj.V.....{X=}.^t..K..b...[.......s....!.!..!m-....3.......Y.UDS..p(..p..t.E..f.J.....T.<..CX7>.)X...x.P.....P...H..'..c..zF........j.9Y.0.<D|1..d.....+...i.<......=.3.XK....V.K....c..1j .p...k..Lr_..{eT.....E.......C..*..5...{[.....G..`.....,..s:.$....:o`..h.P...vs.%X.....(Qn......g....[.{\..<vl@....Je.!....R{......P...c........|....a^....u.,w.P..l....../.,#.p.i.A.X---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113

C:\Users\user\Saved Games\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1340
Entropy (8bit):5.459501099243048
Encrypted:false
SSDEEP:24:4BMH/GILGr92NU//YCkg5yCvZGFsQHOIRvWOUbatNiMdLaj2flWb3xnV5Udfgyx6:4BcGILGAN2AYvkhRe78d+2NWb3NwfgyA
MD5:8E3C53B746E2139C2E489B5D1EC72DE5
SHA1:DCFECCA1D5300C920033EB53AC1660AC4A3B179A
SHA-256:DA94DBE4F4BADDD751751643C1EB51D3C94C8678E26278B193880B44B5ECBCAE
SHA-512:5B06729BD80EF610B13F9119D1E691D56280436C399B2EE9C1A0B4A395CAD84E952B6B0EF8979A59D72BD3D7E89D1ACB71BCB2216309D850F23D4D36DED51BED
Malicious:false
Preview:w.D.70...E.8...S?..T-......J....2.W...`]#..X?.a..Y?U.e. ..F$J?.y..h.p..j.H.C. .>..7;YN.......M!.%P.l... ..........A......r.'.i.N....$...aj.V.....{X=}.^t..K..b...[.......s..R..r...p.X....0..G.._$..%dnP..#..,......R..o.1.DU4R.-.Y.Yn.\gs[..k..{.P....g..w.,.g..].P.^..4..@........e{.....[.H|e....---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113870b8d3c1bbd1d784770978b56261bd0119a01ed630d3565e6687e126b4b9204d2134f2dbcbbf098a0f629da99ddf4ad2a5db37e45608645467799c3a1f424cf2b75c697293a3b7a08ecb3653e61f7a178851290e767896a70c82c821d766c2e9ae3375239602ef3231ab6211a7c3693

C:\Users\user\Searches\Everywhere.search-ms.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1308
Entropy (8bit):5.341633670215991
Encrypted:false
SSDEEP:24:7Kv/NtbqO+VLsQHOIRvWOUbatNiMdLaj2flWb3xnV5UdfgyxFBmayn:evP/whRe78d+2NWb3NwfgynA
MD5:5846FD6ABDC02DEEACF1C3E7D4C917B6
SHA1:395F1643859AD2BC577C7E0A9A4C91592AB17624
SHA-256:0D9ADF31F84CECF34D00E85F4057A9DD9A09C98ECEE5F7DC57FC2D25F4F8EB65
SHA-512:4CCAECA66C14983B2BE16C566BAA4587B5A03D7F2CC74A88C4E56DC11AB52F22345C99A3ED531EDC14FAC64E81229B89726B515883C3B81A74256414C8B2F69F
Malicious:false
Preview:w.D.70...E.8...S]q..e..T....R.yu..|..bEbva;...Y%.......... .<.....PjO.WD...?Yp*.;...U.r{..*...P....l_..L.~.56.<.7.geq|.."F.....O.-.nW...m.$@p.C..2....E......uj.gICE...2..4....u.D.j.$../O....H.Z}X.i..RS..~.I.k.....p..].9...Q......q.A-...!$..37...5.q....[T.$..---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113870b8d3c1bbd1d784770978b56261bd0119a01ed630d3565e6687e126b4b9204d2134f2dbcbbf098a0f629da99ddf4ad2a5db37e45608645467799c3a1f424cf2b75c697293a3b7a08ecb3653e61f7a178851290e767896a70c82c821d766c2e9ae3375239602ef3231ab6211a7c36932fe349da10c87fc82129a90f9b9a7979

C:\Users\user\Searches\Indexed Locations.search-ms.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1308
Entropy (8bit):5.329662085076237
Encrypted:false
SSDEEP:24:7Kv/NtotkJN2Ye0+2sQHOIRvWOUbatNiMdLaj2flWb3xnV5UdfgyxFBmayn:evPOS2N0+uhRe78d+2NWb3NwfgynA
MD5:37053426C2161D352B0C8C5B5AA03E84
SHA1:F39E4FA9C4383E58547C17B77CBDDC5AA390F32E
SHA-256:E3F17224C19069D7041F1A2E9C32329A8C6550E225B84A4B7F8A7BFD39EA04C4
SHA-512:885EA885547B342C62D9E29912BDD600B663560E855EB49949CACA17F51464185C870136D267209C324365B30099E5D2A37CD6B419D7E6F91441505B32C3A02C
Malicious:false
Preview:w.D.70...E.8...S]q..e..T....R.yu..|..bEbva;...Y%.......... .<.....PjO.WD...?Yp*.;...U.r{..*...P....l_..L.~.56.<.7.geq|.."F.....O.-.nW...m.$@p.C..2....E......uj.gICE...2tC}.H....`.H..x..,.c..u...5]#..jsf......8+;&o...m.ZZ.c.2..;.s#.....uC.~..+?.....z..&...(.z..---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113870b8d3c1bbd1d784770978b56261bd0119a01ed630d3565e6687e126b4b9204d2134f2dbcbbf098a0f629da99ddf4ad2a5db37e45608645467799c3a1f424cf2b75c697293a3b7a08ecb3653e61f7a178851290e767896a70c82c821d766c2e9ae3375239602ef3231ab6211a7c36932fe349da10c87fc82129a90f9b9a7979

C:\Users\user\Searches\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1580
Entropy (8bit):6.093962926585178
Encrypted:false
SSDEEP:48:4BcGILGA5ekL8pVc3hRe78d+2NWb3NwfgynA:aMd59kVKxfNWhwfgyA
MD5:6906FD3E62400BEA87E0C6AB6071143A
SHA1:C1F6753EDFF3AA9BFF9985B57FFE27274F7A5630
SHA-256:D4FA3874DF31DE6967A0BA71B9A1E7FA1C518D4913D811582F924FDCBE40CE7B
SHA-512:D269C77881A876E42D6CBAB815A1F87D5B69EF4F8771D0E0A12DF4CC7C51734AFD9E01BDD07F84EAB12E2570581B981544DE60C7A99F1950BDBE2D70D2BA26FD
Malicious:false
Preview:w.D.70...E.8...S?..T-......J....2.W...`]#..X?.a..Y?U.e. ..F$J?.y..h.p..j.H.C. .>..7;YN.......M!.%P.l... ..........A......r.'.i.N....$...aj.V.....{X=}.^t..K..b...[.......s.G...!V........K6...^..1`HDw.u..<..kk.`v....|.._....oV.l8G.........G.:.l..Qm,[....M%...._.....P..oQ...P.@.G.c...g.....;M.....f..[e.k....Y.Z........Xx..i{.0....c..B..&.*i......KKE1$..p..]i....@$Tzj..x...Is.H.&A..A..%.....?.*...J....`3....*.S9y...;.m....5F.,C.../..o.+...!3......{.s.zh~C.8*{.Y..c#....,..9!jb.[z..Sw.+P....n...9.Uf....K...Q.[.r...5&....---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529

C:\Users\user\Searches\winrt--{S-1-5-21-2246122658-3693405117-2476756634-1002}-.searchconnector-ms.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1916
Entropy (8bit):6.609855086229882
Encrypted:false
SSDEEP:48:YIedsgxsIvkTENjOBp/hRe78d+2NWb3NwfgynA:xeCchMTojOBpXxfNWhwfgyA
MD5:33C0D73659442BDA0867ED42FD667B27
SHA1:F491385D6A5EDB56F6BA7F018FBFE6C603A44617
SHA-256:9D9B2D76C0082546757A9D05096EAFA667023EA7F677DB3D20247CDA434D9553
SHA-512:CEDA43FEC1A113611D8DA6DE44C3622193193493B655860D34654E05C6C8D3C55ADDDF73D11E1F423EAB9A49F7D347AD42C5DF62808DFF37FA11B7DE7AF669C7
Malicious:false
Preview:w.D.70...E.8...S]q..e..T....R.yu....'IK\j..o<..........!.A....&..}..A!E..5...qXn........*.B.......j.G.\Pk..w..D.....=0..b.[...Lg.....;....c....7...../.=.......A.....k..B8..9WH."....|.:bCG;.-..#.......#]..6.OK.X...>K..S..BPH%Y1.y.tl...&-.U.L..^.`G#B.N.....a_.3.Z8@.b..k.W.Y....R.P.d..'6...S.I..r....B%....Ms...[. u\&...k..CX.w..P.<....bYY'VxA?t.....ZLG..($-.M..>...Ky....?...BM.|k3.r$..}.i...G..1.....L.....=..>K..%7.......O.....>.z#..W&..d...O......JZ.. ..t.,.......oR\\)n.uw..=.^.[....;H.9_..L..yN2..%E..x...{..w<....(.2....Z.\..;...C.../.u..ko...l..d)m.M...(G.L..Ta..2&k}..*.U....H0._Z.R-....P..u.M.....8.j..?Tt..@i.>_.......[q....y\.~k...........>./........O..R..9X>.'.).6b..)!..@H..~...-*.^E...iK&..GF$...4IBH....M...,^M..S{|z.c..q.ANP"......d....{.x.o....D.b..y%<d.T,.i.d.,...$...J.`.^(......&....l.......(..^L.dws.q...Yw._....#..eS...3.q---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294

C:\Users\user\Videos\desktop.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1564
Entropy (8bit):6.045776480331938
Encrypted:false
SSDEEP:48:4BcGILGA+gc3WNhRe78d+2NWb3NwfgynA:aMdJcG5xfNWhwfgyA
MD5:423CB3B4366E68777D1A25A36DFF4DAF
SHA1:6158B766A68B2434B7C069879324A602D3DFEF91
SHA-256:FA640F52C7E33E9E00384C828E98463EFD2256750874C142CA930A7CD816D7BE
SHA-512:C933274215C66AE6F45CC723001956038156E1950815CFA2309052B0A9EC81E45399A909D76773C33A435DAEE2A31F0E91FB49E1DE6623C47DB155F9B176E1FC
Malicious:false
Preview:w.D.70...E.8...S?..T-......J....2.W...`]#..X?.a..Y?U.e. ..F$J?.y..h.p..j.H.C. .>..7;YN.......M!.%P.l... ..........A......r.'.i.N....$...aj.V.....{X=}.^t..K..b...[.......s..t.[V..t"O...).&...... <.eK.n..h. ....a.W..c.Z.;.._..*....-........w@........=.6....L..10l.D.X. ...R2l...4.$.."G.* ..$.T.m...j^.R..:......:..M.M...h.q..nQ/.....a.....F.J..c..I%.0$..SN..B.jI....F.....L...Y..)y..\f......x~._.d..r$.n.u..rJu`k....%.nS"......%*..u..3...."a.b.j...a..".J..#....yU&$......4.p.t{...;#}.=..D.8..||..Q...ee)..&~G.a.A..---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113

C:\Users\user\_curlrc.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1068
Entropy (8bit):4.246757624585219
Encrypted:false
SSDEEP:24:J6sQHOIRvWOUbatNiMdLaj2flWb3xnV5UdfgyxFBmayn:UhRe78d+2NWb3NwfgynA
MD5:050022AA320EC262763EC78E02B7D291
SHA1:1E5FB86B87D3127F2695379D19299D844F4B8491
SHA-256:C7F1C4EEFCEAEDB6F2DA05AFC773CBA4B297AE11E95C7160AFD480478C932556
SHA-512:5EB8FE10B2DDFFC6B6A0860F437C99B5AA72622F78228CAC5A0B2BEF1C50AFDAD5FE831289977F2AEF80CF16EC4DFA1598B1CA322768312BC1F61A76E6C84E26
Malicious:false
Preview:w.D.70...E.8...SKiL,._..t.....Y---*8+8*---9021c84367bdc192e5fcb2b64e488cb04c332a2d14c5b7b0a6d3302b1cfa59a41ed1142db46f32a1a3c8535e3c06a79e38635ce562294ea6e5fee09f5e0e77ba50abc2a6b3121d9302355eaceaca42b04b1cd1210689eb8d0edaf4e791550bfca13fb8f64d2df7caa2e596b145a49142934731c12a50a0752bf527eba4747fba984361dcaade97b6791fcb737dc021e8ab75cd8be8b47617c6eef5e646f0d4033bd9e115115fb6f4c7fc9aafac452598c8f49de5ac18f686556bdec87bde3a82eb5e4e2a72b647a70665da11f1fb30217b06a79c59993ad594a66a783d529ea8b226b99b3a113870b8d3c1bbd1d784770978b56261bd0119a01ed630d3565e6687e126b4b9204d2134f2dbcbbf098a0f629da99ddf4ad2a5db37e45608645467799c3a1f424cf2b75c697293a3b7a08ecb3653e61f7a178851290e767896a70c82c821d766c2e9ae3375239602ef3231ab6211a7c36932fe349da10c87fc82129a90f9b9a79792b85ff5d56e206d9ea86801c8a2aec335e6b627510a52303bc962c296fa761de01bae47526bea922fe036001c51e7d329212f3686c0829d89153a059a81601d088b2c31fc091cde4205bb3d9b1931d10d82646786e5dfed5f2b1e3785bb0713760ff5d1b8cd23047c0db295554ac405ee806868230ba353f

C:\Users\user\ntuser.ini.invisible

Download File
Process:C:\Users\user\Desktop\CjFaGVmupj.exe
File Type:data
Category:dropped
Size (bytes):1083
Entropy (8bit):4.31063440936529
Encrypted:false
SSDEEP:24:TNZnKJ0R5zdc6kE0ihkDVSCmE6/zkUrUvWCSgzGNtXOcdeZaeKhftMSMZq:TNZE0RrkEfC96/bzNtXOBHOftWq
MD5:C681E419E28C7B3F04F379C9CADCA965
SHA1:6BB3A18AC6446C586600A478B0F2885D76FA69B6
SHA-256:AD28318D2EA0E590E24627470DD4E60BF1B96DCEB8F755F6B006B5002554EBCF
SHA-512:B0CB68CB2FA610033D7DD870C6C02A1B409E727D2F8C79EB001AF7329BE779CBE68E1642FBEE733C802EEBF4734D9A35AC6497BF456F3EE1DF36E0B8D6C9710A
Malicious:false
Preview:t.6...Ww.aN.H~.UV4.."F..49v..F6.....;'.*..G4zaL---*8+8*---c35d04aafbdfa36bcea0b27ee25fc16a6abf16f3692cc2056b896c01b7fa53aed10785f5e456c2fbd2d26ca146a725b0b4d439711fa77ba50c318d91f14d3a99b8b181766397dcc35fa53494e7f34a22d316d441867a43a88f4ba5066aeaf2e614f639b2ffe451f1f35ac804c1e853ed50ccb152ac11e4a36065be3faf4926980e6590f625b4d1d1ed3ea8eb59158a8093fc458fd0cc676a68698283c6c2d832e32ecf1ef8ab099a8ac8809a128615359f8135491feb70b7d6de2d2fef1dc5703822582f97049c3fd713becdee5792114667b6b279a76e0ab6ac397f91dadd44bf5f3e55d95837d9e9f38aa8bb2b3c8444f3b24ceb606f1322d036742e6d1b2c92944ed24de1e35f65911a4dfdc62e292a92420830f9b085fef0b81ca796046cd223645abb63f2c1d171624fe7b5d48731e64ebfa3cef8c6928300c1474ec33bc0f44bdcbdd36468ecbcdd3137c96c65df198f05afe57ce22e5d2918b6a94fa001f44f0b591d405c0c30234346839157c8c8a1122852516f84f0f26e284dea36b17a256ffdd33cbb3d59088cc6a589ca91b0c2d353fe04dc17cfdd101a1f03116852d5191095774b7c01ef8343dc67ac00b19ac8e1e34765eb71fd9dec860105839850ef444e04ccd0d0d5c1245f79eb920d487351a94

Static File Info

General

File type:PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):1.6241734188941572
TrID:
  • Win64 Executable Console (202006/5) 92.65%
  • Win64 Executable (generic) (12005/4) 5.51%
  • Generic Win/DOS Executable (2004/3) 0.92%
  • DOS Executable Generic (2002/1) 0.92%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:CjFaGVmupj.exe
File size:9'433'088 bytes
MD5:889e6365d82a9a89b6c8c86d672b8f0c
SHA1:59e293623e4fb828a29fb982d5ac9a4f993abc3b
SHA256:48630e76e438952a2030f1db408993e088839a801243b5d42e559afda4189f33
SHA512:cae479080f68f4f935a0694a5f948675c5c4be1a5dbcf437512af7f0ca801a129313daf915cefecbb62484b90c0579d1e50c9c4951bcc84dcdf5c814a8b231c0
SSDEEP:24576:i09gMRNaC6s6Hp15O3N22845VjpQaRdQtzHmhwFb+a:nWAd6sQp15/VgV9RdQxHmhwFb+
TLSH:7D96A406F7A621D1E0BAC139DD4621EEFC623C914F39E6D75285BA4A4B70BE4AD3C701
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.^..k0..k0..k0.@.3..k0.@.5..k0.@.4..k0.@.1..k0..k1..k0...3..k0...4..k0...5.7k0...5..k0......k0...2..k0.Rich.k0.........PE..d..

File Icon

Icon Hash:90cececece8e8eb0

Static PE Info

General

Entrypoint:0x140003a08
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x140000000
Subsystem:windows cui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:0x66F58B8F [Thu Sep 26 16:27:59 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:6
OS Version Minor:0
File Version Major:6
File Version Minor:0
Subsystem Version Major:6
Subsystem Version Minor:0
Import Hash:bf2b250b786a474003e3b54a7aae5566

Entrypoint Preview

Instruction
jmp 00007FD2C8714E28h
jmp 00007FD2C878D463h
jmp 00007FD2C879B67Eh
jmp 00007FD2C8762509h
jmp 00007FD2C87E6E34h
jmp 00007FD2C8721B4Fh
jmp 00007FD2C87EE50Ah
jmp 00007FD2C87795B5h
jmp 00007FD2C8763570h
jmp 00007FD2C87219ABh
jmp 00007FD2C8737526h
jmp 00007FD2C873FA51h
jmp 00007FD2C8781AFCh
jmp 00007FD2C86EE937h
jmp 00007FD2C87F61C2h
jmp 00007FD2C87A0A8Dh
jmp 00007FD2C875FB28h
jmp 00007FD2C87A7D83h
jmp 00007FD2C874760Eh
jmp 00007FD2C86E9789h
jmp 00007FD2C87EF604h
jmp 00007FD2C87D1B0Fh
jmp 00007FD2C87D97EAh
jmp 00007FD2C87E5C15h
jmp 00007FD2C8748BF0h
jmp 00007FD2C8716B5Bh
jmp 00007FD2C8768456h
jmp 00007FD2C87005E1h
jmp 00007FD2C87616DCh
jmp 00007FD2C8715837h
jmp 00007FD2C87D6122h
jmp 00007FD2C8737E8Dh
jmp 00007FD2C8788C68h
jmp 00007FD2C87F84D3h
jmp 00007FD2C87AE30Eh
jmp 00007FD2C87A5E69h
jmp 00007FD2C8762774h
jmp 00007FD2C8737D7Fh
jmp 00007FD2C86F613Ah
jmp 00007FD2C871A8E5h

Data Directories

NameVirtual AddressVirtual Size Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IMPORT0x1928f80x78.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE0x1970000x76dff9.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION0x1850000xb6f4.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
IMAGE_DIRECTORY_ENTRY_BASERELOC0x9050000xcc4.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
IMAGE_DIRECTORY_ENTRY_TLS0x00x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x16a0b00x140.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_IAT0x1920000x8f8.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

Sections

NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
.text0x10000x134adb0x134c0091995eb8e5ed2c94c78da32ae6162e76False0.23546701037449394data5.159021170420693IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata0x1360000x4439b0x44400c3569d1ca291855478f75cd09e838aeeFalse0.18346497252747251data3.63476690267374IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data0x17b0000x9ea80x3600f9fccffed38fe9b237c2d65ac463a377False0.31589988425925924Matlab v4 mat-file (little endian) \322, text, rows 1, columns 0, imaginary3.8752471297602815IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata0x1850000xca680xcc00f78ee2f10b79b5677df13cc54a238db5False0.4958065257352941data5.6642298900603585IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata0x1920000x22e40x2400dc0bbcf783d07def8dcbb975b47bff64False0.2622612847222222data3.899804188125315IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.msvcjmc0x1950000x4460x600c5a290eb5c1b7d8f94af9429511f097bFalse0.027994791666666668Targa image data - Map (257-257) 257 x 257 x 1 +257 +257 - 1-bit alpha "\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001\001"0.9941694966703308IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.00cfg0x1960000x1750x2003f91d647a910a091acfa322ee993ba42False0.0703125data0.41168091652472194IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc0x1970000x76dff90x76e0003ae485e0acd83e82ef88a11e7dc6c306unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc0x9050000x4db00x4e004ef41c170cbcfb85a00624ab92632b58False0.09104567307692307data1.440759150022534IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

NameRVASizeTypeLanguageCountryZLIB Complexity
AFX_DIALOG_LAYOUT0x1974880x2dataEnglishUnited States5.0
RT_BITMAP0x1974900x5eec28Device independent bitmap graphic, 1920 x 1080 x 24, image size 6220800EnglishUnited States0.001010894775390625
RT_BITMAP0x7860b80x41ed8Device independent bitmap graphic, 300 x 300 x 24, image size 270000EnglishUnited States0.3934972596652348
RT_DIALOG0x1972800x204dataEnglishUnited States0.5872093023255814

Imports

DLLImport
USER32.dllwsprintfW, SystemParametersInfoW, LoadImageW, LoadBitmapW, CallNextHookEx, UnhookWindowsHookEx, SetWindowsHookExW, FindWindowA, SetWindowLongW, GetWindowLongW, SetRect, FillRect, MessageBoxA, GetClientRect, InvalidateRect, EndPaint, BeginPaint, DrawTextA, GetSystemMetrics, KillTimer, SetTimer, GetAsyncKeyState, EmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, GetDlgItemTextA, GetDlgItem, DialogBoxParamW, SetWindowPos, SetLayeredWindowAttributes, ShowWindow, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, MessageBoxW
GDI32.dllTextOutA, GetObjectW, SetTextColor, StretchBlt, SetBkMode, SelectObject, GetStockObject, DeleteObject, DeleteDC, CreateSolidBrush, CreateFontA, CreateCompatibleDC, CreateCompatibleBitmap, BitBlt
SHELL32.dllSHGetFolderPathA, SHGetSpecialFolderPathA
ADVAPI32.dllRegOpenKeyExW, RegDeleteKeyA, RegCreateKeyExW, RegCloseKey, RegSetValueExW
KERNEL32.dllCompareStringW, GetTimeFormatW, GetDateFormatW, FlsFree, FlsSetValue, FlsGetValue, FlsAlloc, GetCommandLineW, LCMapStringW, GetOEMCP, GetSystemInfo, HeapValidate, HeapSize, QueryPerformanceFrequency, ExitProcess, WriteConsoleW, GetModuleHandleExW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetCurrentThread, SetStdHandle, OutputDebugStringW, SetConsoleCtrlHandler, HeapReAlloc, HeapQueryInformation, GetFileSizeEx, GetStringTypeW, IsValidCodePage, GetCommandLineA, GetACP, GetStdHandle, SetFilePointerEx, GetConsoleOutputCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, FlushFileBuffers, GetCPInfo, GetFullPathNameW, DeleteFileW, GetFileAttributesW, SetFileAttributesW, CreateFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, WriteFile, GetTempPathW, CloseHandle, Sleep, WaitForMultipleObjects, CreateThread, GetSystemDirectoryW, FreeResource, GetModuleFileNameA, GetModuleHandleW, LoadResource, LockResource, SizeofResource, FindResourceW, GlobalAlloc, GlobalUnlock, GlobalLock, WinExec, GetConsoleWindow, LocalFree, FormatMessageA, GetLocaleInfoEx, SetCurrentDirectoryW, GetCurrentDirectoryW, CreateDirectoryW, FindFirstFileExW, GetDiskFreeSpaceExW, GetFileAttributesExW, GetFileInformationByHandle, GetFinalPathNameByHandleW, RtlUnwind, SetFileInformationByHandle, SetFileTime, AreFileApisANSI, GetLastError, DeviceIoControl, GetProcAddress, CreateDirectoryExW, CopyFileW, MoveFileExW, CreateHardLinkW, GetFileInformationByHandleEx, CreateSymbolicLinkW, MultiByteToWideChar, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, GetCurrentThreadId, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, IsDebuggerPresent, RaiseException, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeSListHead, GetStartupInfoW, HeapAlloc, HeapFree, GetProcessHeap, VirtualQuery, FreeLibrary, ReadConsoleW, RtlPcToFileHeader, RtlUnwindEx, InterlockedPushEntrySList, InterlockedFlushSList, GetModuleFileNameW, LoadLibraryExW, SetLastError, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetFileType, SetEndOfFile, ReadFile, GetConsoleMode

Possible Origin

Language of compilation systemCountry where language is spokenMap
EnglishUnited States

Network Behavior

No network behavior found

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

General

Target ID:0
Start time:04:02:04
Start date:06/10/2024
Path:C:\Users\user\Desktop\CjFaGVmupj.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\CjFaGVmupj.exe"
Imagebase:0x7ff725380000
File size:9'433'088 bytes
MD5 hash:889E6365D82A9A89B6C8C86D672B8F0C
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

General

Target ID:1
Start time:04:02:04
Start date:06/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

General

Target ID:2
Start time:04:02:05
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

General

Target ID:3
Start time:04:02:05
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

General

Target ID:4
Start time:04:02:06
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

General

Target ID:5
Start time:04:02:06
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

General

Target ID:6
Start time:04:02:07
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

General

Target ID:7
Start time:04:02:07
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

General

Target ID:8
Start time:04:02:08
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):true
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x800000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

General

Target ID:9
Start time:04:02:08
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

General

Target ID:10
Start time:04:02:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

General

Target ID:11
Start time:04:02:09
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

General

Target ID:12
Start time:04:02:10
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:13
Start time:04:02:10
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:14
Start time:04:02:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:15
Start time:04:02:11
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:16
Start time:04:02:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:17
Start time:04:02:12
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:18
Start time:04:02:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:19
Start time:04:02:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:20
Start time:04:02:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:21
Start time:04:02:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:22
Start time:04:02:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:23
Start time:04:02:15
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:24
Start time:04:02:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:25
Start time:04:02:16
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:27
Start time:04:02:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:28
Start time:04:02:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:30
Start time:04:02:18
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:31
Start time:04:02:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:32
Start time:04:02:19
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:33
Start time:04:02:19
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:34
Start time:04:02:20
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:35
Start time:04:02:20
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:36
Start time:04:02:21
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:37
Start time:04:02:22
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:38
Start time:04:02:23
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:39
Start time:04:02:23
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:41
Start time:04:02:24
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:42
Start time:04:02:24
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:45
Start time:04:02:25
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:46
Start time:04:02:25
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:47
Start time:04:02:26
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:48
Start time:04:02:26
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:49
Start time:04:02:27
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:50
Start time:04:02:27
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:51
Start time:04:02:28
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:52
Start time:04:02:28
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:53
Start time:04:02:29
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:54
Start time:04:02:29
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:55
Start time:04:02:30
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7699e0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:56
Start time:04:02:30
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:57
Start time:04:02:31
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:58
Start time:04:02:31
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:59
Start time:04:02:32
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:60
Start time:04:02:32
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:61
Start time:04:02:33
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:62
Start time:04:02:33
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff70f330000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:63
Start time:04:02:34
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:64
Start time:04:02:34
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:65
Start time:04:02:35
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:66
Start time:04:02:35
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:67
Start time:04:02:36
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:68
Start time:04:02:36
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:69
Start time:04:02:37
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:70
Start time:04:02:37
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:71
Start time:04:02:38
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:72
Start time:04:02:38
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:73
Start time:04:02:39
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:74
Start time:04:02:39
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:75
Start time:04:02:40
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:76
Start time:04:02:40
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:77
Start time:04:02:41
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:78
Start time:04:02:41
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:79
Start time:04:02:42
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:80
Start time:04:02:42
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:81
Start time:04:02:43
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:82
Start time:04:02:43
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:83
Start time:04:02:44
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:84
Start time:04:02:44
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:85
Start time:04:02:45
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:86
Start time:04:02:45
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:87
Start time:04:02:45
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:88
Start time:04:02:45
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:89
Start time:04:02:46
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:90
Start time:04:02:47
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:91
Start time:04:02:47
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:92
Start time:04:02:47
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:93
Start time:04:02:48
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:94
Start time:04:02:48
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:95
Start time:04:02:48
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:96
Start time:04:02:48
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:97
Start time:04:02:49
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:98
Start time:04:02:49
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:99
Start time:04:02:50
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:100
Start time:04:02:50
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:101
Start time:04:02:50
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:102
Start time:04:02:50
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:103
Start time:04:02:51
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:104
Start time:04:02:51
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:105
Start time:04:02:52
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:106
Start time:04:02:52
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:107
Start time:04:02:52
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:108
Start time:04:02:52
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:109
Start time:04:02:53
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:110
Start time:04:02:53
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:111
Start time:04:02:53
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:112
Start time:04:02:53
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:113
Start time:04:02:54
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:114
Start time:04:02:54
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:115
Start time:04:02:55
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:116
Start time:04:02:55
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:117
Start time:04:02:55
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:118
Start time:04:02:55
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:119
Start time:04:02:55
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:120
Start time:04:02:56
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:121
Start time:04:02:56
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:122
Start time:04:02:56
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:123
Start time:04:02:56
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:124
Start time:04:02:57
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:125
Start time:04:02:57
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:126
Start time:04:02:57
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:127
Start time:04:02:57
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:128
Start time:04:02:58
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:129
Start time:04:02:58
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:130
Start time:04:02:58
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:131
Start time:04:02:58
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:132
Start time:04:02:58
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:133
Start time:04:02:58
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:134
Start time:04:02:58
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:135
Start time:04:02:59
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:136
Start time:04:02:59
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:137
Start time:04:02:59
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:138
Start time:04:02:59
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:139
Start time:04:03:00
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:140
Start time:04:03:00
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:141
Start time:04:03:00
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:142
Start time:04:03:00
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:143
Start time:04:03:00
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:144
Start time:04:03:00
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:145
Start time:04:03:01
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:146
Start time:04:03:01
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:147
Start time:04:03:01
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:148
Start time:04:03:01
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:149
Start time:04:03:01
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:150
Start time:04:03:02
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:151
Start time:04:03:02
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:152
Start time:04:03:02
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:153
Start time:04:03:02
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:154
Start time:04:03:02
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:155
Start time:04:03:02
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:156
Start time:04:03:02
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:157
Start time:04:03:02
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:158
Start time:04:03:02
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:159
Start time:04:03:03
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:160
Start time:04:03:03
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:161
Start time:04:03:03
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:162
Start time:04:03:03
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:163
Start time:04:03:03
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:164
Start time:04:03:03
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:165
Start time:04:03:03
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:166
Start time:04:03:03
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:167
Start time:04:03:03
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:168
Start time:04:03:04
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:169
Start time:04:03:04
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:170
Start time:04:03:04
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:171
Start time:04:03:04
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:172
Start time:04:03:04
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:173
Start time:04:03:04
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:174
Start time:04:03:04
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:175
Start time:04:03:04
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:176
Start time:04:03:04
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:177
Start time:04:03:05
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:178
Start time:04:03:05
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:179
Start time:04:03:05
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:180
Start time:04:03:05
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:181
Start time:04:03:05
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:182
Start time:04:03:05
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:183
Start time:04:03:05
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:184
Start time:04:03:05
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:185
Start time:04:03:05
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:186
Start time:04:03:05
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:187
Start time:04:03:05
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:188
Start time:04:03:05
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:189
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:190
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:191
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:192
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:193
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:194
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:195
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:196
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:197
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:198
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:199
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:200
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:201
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:202
Start time:04:03:06
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:203
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:204
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:205
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:206
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:207
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:208
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:209
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:210
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:211
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:212
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:213
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:214
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:215
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:216
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:217
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:218
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:219
Start time:04:03:07
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:220
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:221
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:222
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:223
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:224
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:225
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:226
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:227
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:228
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:229
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:230
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:231
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:232
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:233
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:234
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:235
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:236
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:237
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:238
Start time:04:03:08
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

General

Target ID:239
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:240
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:241
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:242
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:243
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:244
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:245
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:246
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:247
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:248
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:249
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:250
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:251
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:252
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:253
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:254
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:255
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:256
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:257
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:258
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:259
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:260
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:261
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:262
Start time:04:03:09
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:263
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:264
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:265
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:266
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:267
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:268
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:269
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:270
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:271
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:272
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:273
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:274
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:275
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:276
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:277
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:278
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:279
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:280
Start time:04:03:10
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:281
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:282
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:283
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:284
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:285
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:286
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:287
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:288
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:289
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:290
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:291
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:292
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:293
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:294
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:295
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:296
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:297
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:298
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:299
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:300
Start time:04:03:11
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:301
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff71e800000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:302
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:303
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:304
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:305
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:306
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:307
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:308
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:309
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:310
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:311
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:312
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:313
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:314
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:315
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:316
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:317
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:318
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:319
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:320
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:321
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:322
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:323
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:324
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7714f0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:325
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:326
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:327
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:328
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:329
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:330
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:331
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:332
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:333
Start time:04:03:12
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:334
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:335
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:336
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:337
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:338
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:339
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:340
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:341
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:342
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:343
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:344
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):true
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0xe50000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:345
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:346
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:347
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:348
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:349
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:350
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:351
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:352
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:353
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:354
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:355
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:356
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff6eef20000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:357
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:358
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:359
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:360
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:361
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:362
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:363
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:364
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff6eef20000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:365
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:366
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:367
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:368
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:369
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:370
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:371
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:372
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:373
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:374
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:375
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:376
Start time:04:03:13
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:377
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:378
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:379
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:380
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:381
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:382
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:383
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:384
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:385
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:386
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:387
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:388
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:389
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:390
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:391
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:392
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:393
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:394
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:395
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:396
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:397
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:398
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:399
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:400
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:401
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:402
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:403
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:404
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:405
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:406
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:407
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:408
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff68cef0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:409
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:410
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:411
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:412
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:413
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:414
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:415
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:416
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:417
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:418
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:419
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:420
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:421
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:422
Start time:04:03:14
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:423
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:424
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:425
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:426
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:427
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:428
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:429
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:430
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:431
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:432
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:433
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:434
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:435
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:436
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:437
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:438
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:439
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:440
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:441
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:442
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:443
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:444
Start time:04:03:15
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:445
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:446
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:447
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:448
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:449
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:450
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:451
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:452
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:453
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:454
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:455
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:456
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:457
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:458
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:459
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:460
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:461
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:462
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:463
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:464
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:465
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:466
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:467
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:468
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:469
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:470
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:471
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:472
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:473
Start time:04:03:16
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:474
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:475
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:476
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:477
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:478
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:479
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:480
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:481
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:482
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:483
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:484
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f74b0000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:485
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:486
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:487
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:488
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:489
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:490
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:491
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:492
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff68cef0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:493
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:494
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:495
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:496
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:497
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:498
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:499
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:500
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:501
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:502
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:503
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:504
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:505
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:506
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:507
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:508
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:509
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:510
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:511
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:512
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:513
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:514
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:515
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:516
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:517
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:518
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:519
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:520
Start time:04:03:17
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:521
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:522
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:523
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:524
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:525
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:526
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:527
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:528
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:529
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:530
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:531
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:532
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:533
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:534
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:535
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:536
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\taskkill.exe
Wow64 process (32bit):false
Commandline:taskkill /f /im mmc.exe /t
Imagebase:0x7ff7f4910000
File size:101'376 bytes
MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

General

Target ID:537
Start time:04:03:18
Start date:06/10/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
Imagebase:0x7ff7fd420000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Disassembly

No disassembly