Windows Analysis Report
O0dZdy12ak.exe

Overview

General Information

Sample name: O0dZdy12ak.exe
renamed because original name is a hash value
Original sample name: 1363c8871061ff83ed3dd0fe025b274442d5c30898c02bdfd4981717f4f33b44.exe
Analysis ID: 1526559
MD5: 38fb9ac2e51d04182faf81afbef08ab8
SHA1: 1f325950a7a8e1a2050e954f33d2c3774510bd6e
SHA256: 1363c8871061ff83ed3dd0fe025b274442d5c30898c02bdfd4981717f4f33b44
Tags: DoubleFaceTeamexeuser-JAMESWT_MHT
Infos:

Detection

Score: 45
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Excessive usage of taskkill to terminate processes
Modifies existing user documents (likely ransomware behavior)
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sleep loop found (likely to delay execution)
Too many similar processes found
Uses 32bit PE files
Uses taskkill to terminate processes

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: O0dZdy12ak.exe ReversingLabs: Detection: 57%
Source: O0dZdy12ak.exe Virustotal: Detection: 35% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 99.9% probability
Uses 32bit PE files
Source: O0dZdy12ak.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Checks for available system drives (often done to infect USB drives)
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: z: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: x: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: v: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: t: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: r: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: p: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: n: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: l: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: j: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: h: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: f: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: b: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: y: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: w: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: u: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: s: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: q: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: o: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: m: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: k: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: i: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: g: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: e: Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File opened: a: Jump to behavior
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr String found in binary or memory: https://t.me/Britannique)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr String found in binary or memory: https://t.me/WalterBishop42)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr String found in binary or memory: https://t.me/doubleface_group
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr String found in binary or memory: https://t.me/hackerk7)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr String found in binary or memory: https://t.me/madoneputain)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr String found in binary or memory: https://t.me/masturbateur)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr String found in binary or memory: https://t.me/moonnight_god)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr String found in binary or memory: https://t.me/shiro_SATA)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr String found in binary or memory: https://t.me/tcpsnow)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr String found in binary or memory: https://t.me/te1egram_usr)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr String found in binary or memory: https://t.me/tombezyy)
Source: O0dZdy12ak.exe, O0dZdy12ak.exe.invisible.0.dr String found in binary or memory: https://t.me/xpolarized)

Spam, unwanted Advertisements and Ransom Demands
barindex
Modifies existing user documents (likely ransomware behavior)
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File deleted: C:\Users\user\Desktop\UMMBDNEQBN.xlsx Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File deleted: C:\Users\user\Desktop\VLZDGUKUTZ\DVWHKMNFNN.png Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File deleted: C:\Users\user\Desktop\VLZDGUKUTZ.docx Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File deleted: C:\Users\user\Desktop\UMMBDNEQBN\ZBEDCJPBEY.mp3 Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File deleted: C:\Users\user\Desktop\VLZDGUKUTZ\HTAGVDFUIE.jpg Jump to behavior
Too many similar processes found
Source: cmd.exe Process created: 86
Uses 32bit PE files
Source: O0dZdy12ak.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf.invisible.0.dr Binary string: \Device\HarddiskVolume3\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf
Source: classification engine Classification label: mal45.rans.evad.winEXE@332/108@0/0
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File created: C:\Users\desktop.ini.invisible Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7512:120:WilError_03
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File created: C:\Users\user\AppData\Local\Temp\tmp.bmp Jump to behavior
Source: O0dZdy12ak.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: O0dZdy12ak.exe ReversingLabs: Detection: 57%
Source: O0dZdy12ak.exe Virustotal: Detection: 35%
Source: C:\Users\user\Desktop\O0dZdy12ak.exe File read: C:\Users\user\Desktop\O0dZdy12ak.exe Jump to behavior
Source: unknown Process created: C:\Users\user\Desktop\O0dZdy12ak.exe "C:\Users\user\Desktop\O0dZdy12ak.exe"
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: unknown unknown
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Automated click: OK
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Automated click: OK
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Automated click: OK
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Automated click: OK
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Automated click: OK
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: O0dZdy12ak.exe Static file information: File size 6670336 > 1048576
Source: O0dZdy12ak.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x631000
Source: O0dZdy12ak.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Window / User API: threadDelayed 560 Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Window / User API: threadDelayed 1024 Jump to behavior
Source: C:\Windows\System32\conhost.exe Window / User API: threadDelayed 406 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\O0dZdy12ak.exe TID: 7564 Thread sleep time: -66000s >= -30000s Jump to behavior
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Sleep loop found (likely to delay execution)
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Thread sleep count: Count: 1024 delay: -10 Jump to behavior
Enables debug privileges
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion
barindex
Excessive usage of taskkill to terminate processes
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: unknown unknown
Uses taskkill to terminate processes
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Users\user\Desktop\O0dZdy12ak.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1526559 Sample: O0dZdy12ak.exe Startdate: 06/10/2024 Architecture: WINDOWS Score: 45 36 Multi AV Scanner detection for submitted file 2->36 38 AI detected suspicious sample 2->38 7 O0dZdy12ak.exe 109 2->7         started        process3 file4 34 C:\Users\user\...\O0dZdy12ak.exe.invisible, data 7->34 dropped 40 Excessive usage of taskkill to terminate processes 7->40 42 Modifies existing user documents (likely ransomware behavior) 7->42 11 cmd.exe 1 7->11         started        14 cmd.exe 7->14         started        16 cmd.exe 7->16         started        18 36 other processes 7->18 signatures5 process6 signatures7 44 Excessive usage of taskkill to terminate processes 11->44 20 taskkill.exe 1 11->20         started        22 taskkill.exe 1 14->22         started        24 taskkill.exe 1 16->24         started        26 taskkill.exe 1 18->26         started        28 taskkill.exe 1 18->28         started        30 taskkill.exe 1 18->30         started        32 31 other processes 18->32 process8
No contacted IP infos