Windows Analysis Report
2Nxwe78suT.exe

Overview

General Information

Sample name:	2Nxwe78suT.exe renamed because original name is a hash value
Original sample name:	e26db13a9660555448acb7591f382b480b0252d19e3ad6c6678ba5e1f03d6458.exe
Analysis ID:	1526560
MD5:	626fab8275d8d8e841bc9a08b208201e
SHA1:	197d5c9c5cbf53ed3e78d53a008b6ad665fa3e4c
SHA256:	e26db13a9660555448acb7591f382b480b0252d19e3ad6c6678ba5e1f03d6458
Tags:	DoubleFaceTeamexeuser-JAMESWT_MHT
Infos:

Detection

Score:	42
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Excessive usage of taskkill to terminate processes

Checks for available system drives (often done to infect USB drives)

Creates a process in suspended mode (likely to inject code)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

May sleep (evasive loops) to hinder dynamic analysis

Sample execution stops while process was sleeping (likely an evasion)

Sleep loop found (likely to delay execution)

Too many similar processes found

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses 32bit PE files

Uses taskkill to terminate processes

Classification

Signatures

AV Detection

Multi AV Scanner detection for submitted file

Source: 2Nxwe78suT.exe	ReversingLabs: Detection: 63%
Source: 2Nxwe78suT.exe	Virustotal: Detection: 68%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Uses 32bit PE files

Source: 2Nxwe78suT.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Checks for available system drives (often done to infect USB drives)

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: z:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: x:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: v:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: t:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: r:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: p:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: n:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: l:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: j:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: h:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: f:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: b:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: y:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: w:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: u:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: s:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: q:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: o:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: m:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: k:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: i:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: g:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: e:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: a:	Jump to behavior

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Source: unknown

DNS traffic detected: query: 206.23.85.13.in-addr.arpa replaycode: Name error (3)

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa

Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/Britannique)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/WalterBishop42)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/doubleface_group
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/madoneputain)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/masturbateur)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/moonnight_god)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/shiro_SATA)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/tcpsnow)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/te1egram_usr)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/tombezyy)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/xpolarized)

Too many similar processes found

Source: cmd.exe

Process created: 75

Uses 32bit PE files

Source: 2Nxwe78suT.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal42.evad.winEXE@361/2@1/0

Source: C:\Users\user\Desktop\2Nxwe78suT.exe

File created: C:\Users\user\AppData\Roaming\time.dat

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4448:120:WilError_03

Source: C:\Users\user\Desktop\2Nxwe78suT.exe

File created: C:\Users\user\AppData\Local\Temp\tmp.bmp

Jump to behavior

Source: 2Nxwe78suT.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\2Nxwe78suT.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 2Nxwe78suT.exe	ReversingLabs: Detection: 63%
Source: 2Nxwe78suT.exe	Virustotal: Detection: 68%

Source: unknown	Process created: C:\Users\user\Desktop\2Nxwe78suT.exe "C:\Users\user\Desktop\2Nxwe78suT.exe"
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 2Nxwe78suT.exe

Static file information: File size 6663168 > 1048576

Source: 2Nxwe78suT.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x631000

Source: 2Nxwe78suT.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Window / User API: threadDelayed 391	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Window / User API: threadDelayed 1144	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Window / User API: threadDelayed 392	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Window / User API: threadDelayed 962	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\2Nxwe78suT.exe TID: 6416

Thread sleep time: -98000s >= -30000s

Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Sleep loop found (likely to delay execution)

Source: C:\Users\user\Desktop\2Nxwe78suT.exe

Thread sleep count: Count: 1144 delay: -10

Jump to behavior

Enables debug privileges

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

Excessive usage of taskkill to terminate processes

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown

Uses taskkill to terminate processes

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Contacted Domains

Name	IP	Active
206.23.85.13.in-addr.arpa	unknown	unknown

AV Detection

Multi AV Scanner detection for submitted file

Source: 2Nxwe78suT.exe	ReversingLabs: Detection: 63%
Source: 2Nxwe78suT.exe	Virustotal: Detection: 68%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Uses 32bit PE files

Source: 2Nxwe78suT.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Checks for available system drives (often done to infect USB drives)

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: z:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: x:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: v:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: t:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: r:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: p:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: n:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: l:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: j:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: h:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: f:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: b:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: y:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: w:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: u:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: s:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: q:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: o:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: m:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: k:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: i:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: g:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: e:	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	File opened: a:	Jump to behavior

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Source: unknown

DNS traffic detected: query: 206.23.85.13.in-addr.arpa replaycode: Name error (3)

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa

Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/Britannique)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/WalterBishop42)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/doubleface_group
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/madoneputain)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/masturbateur)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/moonnight_god)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/shiro_SATA)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/tcpsnow)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/te1egram_usr)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/tombezyy)
Source: 2Nxwe78suT.exe	String found in binary or memory: https://t.me/xpolarized)

Too many similar processes found

Source: cmd.exe

Process created: 75

Uses 32bit PE files

Source: 2Nxwe78suT.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: classification engine

Classification label: mal42.evad.winEXE@361/2@1/0

Source: C:\Users\user\Desktop\2Nxwe78suT.exe

File created: C:\Users\user\AppData\Roaming\time.dat

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4448:120:WilError_03

Source: C:\Users\user\Desktop\2Nxwe78suT.exe

File created: C:\Users\user\AppData\Local\Temp\tmp.bmp

Jump to behavior

Source: 2Nxwe78suT.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\Desktop\2Nxwe78suT.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 2Nxwe78suT.exe	ReversingLabs: Detection: 63%
Source: 2Nxwe78suT.exe	Virustotal: Detection: 68%

Source: unknown	Process created: C:\Users\user\Desktop\2Nxwe78suT.exe "C:\Users\user\Desktop\2Nxwe78suT.exe"
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: 2Nxwe78suT.exe

Static file information: File size 6663168 > 1048576

Source: 2Nxwe78suT.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x631000

Source: 2Nxwe78suT.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Window / User API: threadDelayed 391	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Window / User API: threadDelayed 1144	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Window / User API: threadDelayed 392	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Window / User API: threadDelayed 962	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\2Nxwe78suT.exe TID: 6416

Thread sleep time: -98000s >= -30000s

Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Sleep loop found (likely to delay execution)

Source: C:\Users\user\Desktop\2Nxwe78suT.exe

Thread sleep count: Count: 1144 delay: -10

Jump to behavior

Enables debug privileges

Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exe	Process token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

Excessive usage of taskkill to terminate processes

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: unknown unknown

Uses taskkill to terminate processes

Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t

ID:	1526560
Product:	CloudBasic
Start time:	10:08:08
Start date:	06.10.2024
Sample:	2Nxwe78suT.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	626fab8275d8d8e841bc9a08b208201e
SHA1:	197d5c9c5cbf53ed3e78d53a008b6ad665fa3e4c
SHA256:	e26db13a9660555448acb7591f382b480b0252d19e3ad6c6678ba5e1f03d6458
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\tmp.bmp	PC bitmap, Windows 3.x format, 1920 x 1080 x 24, image size 6220800, cbSize 6220854, bits offset 54	C09F3B2A45D2AFAF362AB1B4B488EC29	C20661F43F785B8AEAB34BFE01D89774CC04B1F9	154D1781B19070885989F92C1F77086E2E06DB413EA95E1884BE39570B80343C
C:\Users\user\AppData\Roaming\time.dat	ASCII text, with no line terminators	7D98BE1C09B996520B55639DBB338345	490E84D62598EAC54B03233BF6C102866729566F	FA02750BF6F9EB536FBBEADE8FE7BBC22648F59DABE562A4E32B8A58C4D3D1FF

Windows Analysis Report
2Nxwe78suT.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

DDoS

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Screenshots

Behavior Graph

Network Map

Contacted Domains

Windows Analysis Report 2Nxwe78suT.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Compliance

Spreading

Networking

DDoS

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Screenshots

Behavior Graph

Network Map

Contacted Domains

Windows Analysis Report
2Nxwe78suT.exe