Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
2Nxwe78suT.exe

Overview

General Information

Sample name:2Nxwe78suT.exe
renamed because original name is a hash value
Original sample name:e26db13a9660555448acb7591f382b480b0252d19e3ad6c6678ba5e1f03d6458.exe
Analysis ID:1526560
MD5:626fab8275d8d8e841bc9a08b208201e
SHA1:197d5c9c5cbf53ed3e78d53a008b6ad665fa3e4c
SHA256:e26db13a9660555448acb7591f382b480b0252d19e3ad6c6678ba5e1f03d6458
Tags:DoubleFaceTeamexeuser-JAMESWT_MHT
Infos:

Detection

Score:42
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Excessive usage of taskkill to terminate processes
Checks for available system drives (often done to infect USB drives)
Creates a process in suspended mode (likely to inject code)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sleep loop found (likely to delay execution)
Too many similar processes found
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses 32bit PE files
Uses taskkill to terminate processes

Classification

Process Tree

  • System is w10x64
  • 2Nxwe78suT.exe (PID: 5836 cmdline: "C:\Users\user\Desktop\2Nxwe78suT.exe" MD5: 626FAB8275D8D8E841BC9A08B208201E)
    • conhost.exe (PID: 4448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 5688 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 1532 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 7120 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 6976 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 3872 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 6404 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 3176 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 5532 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 5636 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 5260 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 2132 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 6768 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 5560 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 1476 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 5688 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 3424 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 6596 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 6548 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 7064 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 3292 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 744 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 3116 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 5260 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 5636 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 1276 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 2132 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 4768 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 3424 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 2752 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 5532 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 3116 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 744 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 3652 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 3680 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 6472 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 5768 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 2200 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 6020 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 7156 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 5632 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 5240 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 1576 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 3996 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 5456 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 3528 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 2300 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 2968 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 1644 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 3652 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 5248 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 6472 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 5276 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 4072 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 4476 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 6976 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 1524 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 7064 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 5380 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 5456 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 3996 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 2284 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 3680 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 3176 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 1276 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 3652 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 4292 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 4396 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 4512 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 5776 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 6164 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 6348 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 4424 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 3504 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • taskkill.exe (PID: 3596 cmdline: taskkill /f /im mmc.exe /t MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
    • cmd.exe (PID: 3560 cmdline: cmd.exe /c taskkill /f /im mmc.exe /t MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: 2Nxwe78suT.exeReversingLabs: Detection: 63%
Source: 2Nxwe78suT.exeVirustotal: Detection: 68%Perma Link
AI detected suspicious sample
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: 2Nxwe78suT.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: z:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: x:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: v:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: t:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: r:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: p:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: n:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: l:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: j:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: h:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: f:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: b:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: y:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: w:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: u:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: s:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: q:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: o:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: m:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: k:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: i:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: g:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: e:Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile opened: a:Jump to behavior
Source: unknownDNS traffic detected: query: 206.23.85.13.in-addr.arpa replaycode: Name error (3)
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: 206.23.85.13.in-addr.arpa
Source: 2Nxwe78suT.exeString found in binary or memory: https://t.me/Britannique)
Source: 2Nxwe78suT.exeString found in binary or memory: https://t.me/WalterBishop42)
Source: 2Nxwe78suT.exeString found in binary or memory: https://t.me/doubleface_group
Source: 2Nxwe78suT.exeString found in binary or memory: https://t.me/madoneputain)
Source: 2Nxwe78suT.exeString found in binary or memory: https://t.me/masturbateur)
Source: 2Nxwe78suT.exeString found in binary or memory: https://t.me/moonnight_god)
Source: 2Nxwe78suT.exeString found in binary or memory: https://t.me/shiro_SATA)
Source: 2Nxwe78suT.exeString found in binary or memory: https://t.me/tcpsnow)
Source: 2Nxwe78suT.exeString found in binary or memory: https://t.me/te1egram_usr)
Source: 2Nxwe78suT.exeString found in binary or memory: https://t.me/tombezyy)
Source: 2Nxwe78suT.exeString found in binary or memory: https://t.me/xpolarized)
Source: cmd.exeProcess created: 75
Source: 2Nxwe78suT.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal42.evad.winEXE@361/2@1/0
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile created: C:\Users\user\AppData\Roaming\time.datJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4448:120:WilError_03
Source: C:\Users\user\Desktop\2Nxwe78suT.exeFile created: C:\Users\user\AppData\Local\Temp\tmp.bmpJump to behavior
Source: 2Nxwe78suT.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\cmd.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\Desktop\2Nxwe78suT.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: 2Nxwe78suT.exeReversingLabs: Detection: 63%
Source: 2Nxwe78suT.exeVirustotal: Detection: 68%
Source: unknownProcess created: C:\Users\user\Desktop\2Nxwe78suT.exe "C:\Users\user\Desktop\2Nxwe78suT.exe"
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /t
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\2Nxwe78suT.exeAutomated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exeAutomated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exeAutomated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exeAutomated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exeAutomated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exeAutomated click: OK
Source: C:\Users\user\Desktop\2Nxwe78suT.exeAutomated click: OK
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 2Nxwe78suT.exeStatic file information: File size 6663168 > 1048576
Source: 2Nxwe78suT.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x631000
Source: 2Nxwe78suT.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\2Nxwe78suT.exeWindow / User API: threadDelayed 391Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeWindow / User API: threadDelayed 1144Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeWindow / User API: threadDelayed 392Jump to behavior
Source: C:\Windows\System32\conhost.exeWindow / User API: threadDelayed 962Jump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exe TID: 6416Thread sleep time: -98000s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\2Nxwe78suT.exeThread sleep count: Count: 1144 delay: -10Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: Debug

HIPS / PFW / Operating System Protection Evasion

barindex
Excessive usage of taskkill to terminate processes
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Users\user\Desktop\2Nxwe78suT.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /tJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im mmc.exe /t

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		1
Windows Management Instrumentation		1
DLL Side-Loading		11
Process Injection		1
Masquerading		OS Credential Dumping2
Virtualization/Sandbox Evasion		Remote ServicesData from Local System1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
DLL Side-Loading		11
Disable or Modify Tools		LSASS Memory1
Application Window Discovery		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
Virtualization/Sandbox Evasion		Security Account Manager11
Peripheral Device Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
Process Injection		NTDS2
System Information Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
DLL Side-Loading		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1526560 Sample: 2Nxwe78suT.exe Startdate: 06/10/2024 Architecture: WINDOWS Score: 42 34 206.23.85.13.in-addr.arpa 2->34 36 Multi AV Scanner detection for submitted file 2->36 38 AI detected suspicious sample 2->38 8 2Nxwe78suT.exe 3 2->8         started        signatures3 process4 signatures5 40 Excessive usage of taskkill to terminate processes 8->40 11 cmd.exe 1 8->11         started        14 cmd.exe 1 8->14         started        16 cmd.exe 1 8->16         started        18 36 other processes 8->18 process6 signatures7 42 Excessive usage of taskkill to terminate processes 11->42 20 taskkill.exe 1 11->20         started        22 taskkill.exe 1 14->22         started        24 taskkill.exe 1 16->24         started        26 taskkill.exe 1 18->26         started        28 taskkill.exe 1 18->28         started        30 taskkill.exe 1 18->30         started        32 31 other processes 18->32 process8

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
2Nxwe78suT.exe63%ReversingLabsWin32.Ransomware.Doubleface
2Nxwe78suT.exe68%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
206.23.85.13.in-addr.arpa1%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://t.me/doubleface_group0%VirustotalBrowse

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
206.23.85.13.in-addr.arpa
unknown
unknownfalseunknown

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
https://t.me/shiro_SATA)2Nxwe78suT.exefalse
    		unknown
    https://t.me/WalterBishop42)2Nxwe78suT.exefalse
      		unknown
      https://t.me/madoneputain)2Nxwe78suT.exefalse
        		unknown
        https://t.me/moonnight_god)2Nxwe78suT.exefalse
          		unknown
          https://t.me/Britannique)2Nxwe78suT.exefalse
            		unknown
            https://t.me/te1egram_usr)2Nxwe78suT.exefalse
              		unknown
              https://t.me/doubleface_group2Nxwe78suT.exefalseunknown
              https://t.me/masturbateur)2Nxwe78suT.exefalse
                		unknown
                https://t.me/tcpsnow)2Nxwe78suT.exefalse
                  		unknown
                  https://t.me/tombezyy)2Nxwe78suT.exefalse
                    		unknown

                    World Map of Contacted IPs

                    No contacted IP infos

                    General Information

                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1526560
                    Start date and time:2024-10-06 10:08:08 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 6m 7s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:79
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Sample name:2Nxwe78suT.exe
                    renamed because original name is a hash value
                    Original Sample Name:e26db13a9660555448acb7591f382b480b0252d19e3ad6c6678ba5e1f03d6458.exe
                    Detection:MAL
                    Classification:mal42.evad.winEXE@361/2@1/0
                    EGA Information:Failed
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0
                    Cookbook Comments:
                    • Found application associated with file extension: .exe

                    Warnings

                    • Connection to analysis system has been lost, crash info: Unknown
                    • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtWriteVirtualMemory calls found.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    04:09:33API Interceptor222x Sleep call for process: 2Nxwe78suT.exe modified

                    Joe Sandbox View / Context

                    IPs

                    No context

                    Domains

                    No context

                    ASNs

                    No context

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Temp\tmp.bmp

                    Download File
                    Process:C:\Users\user\Desktop\2Nxwe78suT.exe
                    File Type:PC bitmap, Windows 3.x format, 1920 x 1080 x 24, image size 6220800, cbSize 6220854, bits offset 54
                    Category:dropped
                    Size (bytes):6220854
                    Entropy (8bit):0.023659002560192918
                    Encrypted:false
                    SSDEEP:768:1MJWWWWW19999999999999TsDFo99999999999990:1MJWWWWWUDFt
                    MD5:C09F3B2A45D2AFAF362AB1B4B488EC29
                    SHA1:C20661F43F785B8AEAB34BFE01D89774CC04B1F9
                    SHA-256:154D1781B19070885989F92C1F77086E2E06DB413EA95E1884BE39570B80343C
                    SHA-512:052F198462CFBDDBA68CAEC31AC7A4372AFD8808E97A4D22D6C8C9D80B80E14CAAB43E81307036842B80CCBB16B3B8881164BC0F4D9FEC5A5442CBC832E94383
                    Malicious:false
                    Preview:BM6.^.....6...(.......8.............^...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Roaming\time.dat

                    Download File
                    Process:C:\Users\user\Desktop\2Nxwe78suT.exe
                    File Type:ASCII text, with no line terminators
                    Category:modified
                    Size (bytes):5
                    Entropy (8bit):1.9219280948873623
                    Encrypted:false
                    SSDEEP:3:LW:i
                    MD5:7D98BE1C09B996520B55639DBB338345
                    SHA1:490E84D62598EAC54B03233BF6C102866729566F
                    SHA-256:FA02750BF6F9EB536FBBEADE8FE7BBC22648F59DABE562A4E32B8A58C4D3D1FF
                    SHA-512:B4CEB88DAA004100C2AA0A431B407DAD334233623668D7D766EE352C34EC2EAB86524458CD7BCAC1835FB1FBAC73B15CD9471CB4612EA7BE5C023E241BF7A9FD
                    Malicious:false
                    Preview:17933

                    Static File Info

                    General

                    File type:PE32 executable (console) Intel 80386, for MS Windows
                    Entropy (8bit):0.7157675044601124
                    TrID:
                    • Win32 Executable (generic) a (10002005/4) 99.96%
                    • Generic Win/DOS Executable (2004/3) 0.02%
                    • DOS Executable Generic (2002/1) 0.02%
                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                    File name:2Nxwe78suT.exe
                    File size:6'663'168 bytes
                    MD5:626fab8275d8d8e841bc9a08b208201e
                    SHA1:197d5c9c5cbf53ed3e78d53a008b6ad665fa3e4c
                    SHA256:e26db13a9660555448acb7591f382b480b0252d19e3ad6c6678ba5e1f03d6458
                    SHA512:e106cf78731d9a8e75b5e76ecf881bb12262f13b05b805e89f3bede061a4a1ebb738d7a7631fb51801d95717ca34dabb12f7ed4826e6812ceadb0bad98fcb0d0
                    SSDEEP:6144:o3j7hJkMepmEfZsVOM7pNbDMuoKJ+QtDeQYizHMTlaw81FRx3JmfBcOmg:o3nkMS2R6RdQtzH8lhwFbZgaOm
                    TLSH:9266C44162E07B61D16B5135CECCA6FC5C9B2C901E73FDDB29893A394AF8390E738919
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...................................?...........................]r......]r......]r......mq......mqq.....mq......Rich...................

                    File Icon

                    Icon Hash:00928e8e8686b000

                    Static PE Info

                    General

                    Entrypoint:0x401367
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows cui
                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:TERMINAL_SERVER_AWARE
                    Time Stamp:0x66B0FAC2 [Mon Aug 5 16:16:02 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:6
                    OS Version Minor:0
                    File Version Major:6
                    File Version Minor:0
                    Subsystem Version Major:6
                    Subsystem Version Minor:0
                    Import Hash:51ff6eea1c2dfc853310904ce154f487

                    Entrypoint Preview

                    Instruction
                    call 00007F940CDBED6Dh
                    jmp 00007F940CDBE909h
                    jmp 00007F940CDC8B91h
                    push ebp
                    mov ebp, esp
                    jmp 00007F940CDBEA9Fh
                    push dword ptr [ebp+08h]
                    call 00007F940CDCA6B6h
                    pop ecx
                    test eax, eax
                    je 00007F940CDBEAA1h
                    push dword ptr [ebp+08h]
                    call 00007F940CDC8B61h
                    pop ecx
                    test eax, eax
                    je 00007F940CDBEA78h
                    pop ebp
                    ret
                    cmp dword ptr [ebp+08h], FFFFFFFFh
                    je 00007F940CDBF157h
                    jmp 00007F940CDBF134h
                    push ebp
                    mov ebp, esp
                    mov eax, dword ptr [ebp+08h]
                    push esi
                    mov ecx, dword ptr [eax+3Ch]
                    add ecx, eax
                    movzx eax, word ptr [ecx+14h]
                    lea edx, dword ptr [ecx+18h]
                    add edx, eax
                    movzx eax, word ptr [ecx+06h]
                    imul esi, eax, 28h
                    add esi, edx
                    cmp edx, esi
                    je 00007F940CDBEAABh
                    mov ecx, dword ptr [ebp+0Ch]
                    cmp ecx, dword ptr [edx+0Ch]
                    jc 00007F940CDBEA9Ch
                    mov eax, dword ptr [edx+08h]
                    add eax, dword ptr [edx+0Ch]
                    cmp ecx, eax
                    jc 00007F940CDBEA9Eh
                    add edx, 28h
                    cmp edx, esi
                    jne 00007F940CDBEA7Ch
                    xor eax, eax
                    pop esi
                    pop ebp
                    ret
                    mov eax, edx
                    jmp 00007F940CDBEA8Bh
                    push esi
                    call 00007F940CDBF305h
                    test eax, eax
                    je 00007F940CDBEAB2h
                    mov eax, dword ptr fs:[00000018h]
                    mov esi, 0042AB84h
                    mov edx, dword ptr [eax+04h]
                    jmp 00007F940CDBEA96h
                    cmp edx, eax
                    je 00007F940CDBEAA2h
                    xor eax, eax
                    mov ecx, edx
                    lock cmpxchg dword ptr [esi], ecx
                    test eax, eax
                    jne 00007F940CDBEA82h
                    xor al, al
                    pop esi
                    ret
                    mov al, 01h
                    pop esi
                    ret
                    push ebp
                    mov ebp, esp
                    cmp dword ptr [ebp+08h], 00000000h
                    jne 00007F940CDBEA99h
                    mov byte ptr [0042AB88h], 00000001h
                    call 00007F940CDBF0F0h

                    Data Directories

                    NameVirtual AddressVirtual Size Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IMPORT0x2810c0x64.rdata
                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x300000x630e40.rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                    IMAGE_DIRECTORY_ENTRY_DEBUG0x271600x38.rdata
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x270a00x40.rdata
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IAT0x210000x22c.rdata
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                    Sections

                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                    .text0x10000x1fcdc0x1fe0091e8d114dde2a1fa5dd992232fd413d8False0.5609145220588235COM executable for DOS6.641181465762842IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rdata0x210000x7cf80x7e002822e17149dba8b6e68d2a2ab8fa88a6False0.470734126984127data5.1988050149092455IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .data0x290000x609c0x1c00b961ca0002e8b48cbc78a78d693121bbFalse0.4478236607142857DOS executable (block device driver)4.5779258901269095IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                    .rsrc0x300000x630e400x63100066aa824f35f1f113de18d93d3d9c75e3unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                    Resources

                    NameRVASizeTypeLanguageCountryZLIB Complexity
                    AFX_DIALOG_LAYOUT0x303380x2dataEnglishUnited States5.0
                    RT_BITMAP0x303400x5eec28Device independent bitmap graphic, 1920 x 1080 x 24, image size 6220800EnglishUnited States0.001010894775390625
                    RT_BITMAP0x61ef680x41ed8Device independent bitmap graphic, 300 x 300 x 24, image size 270000EnglishUnited States0.3934972596652348
                    RT_DIALOG0x301400x1f4dataEnglishUnited States0.58

                    Imports

                    DLLImport
                    USER32.dllEndPaint, GetWindowLongW, PostMessageW, SetWindowPos, FillRect, GetSystemMetrics, ShowWindow, OpenClipboard, GetDlgItemTextA, SetTimer, DrawTextA, CloseClipboard, EmptyClipboard, MessageBoxA, LoadBitmapW, SetLayeredWindowAttributes, SetClipboardData, wsprintfW, SetWindowLongW, GetClientRect, GetDlgItem, SetRect, KillTimer, SystemParametersInfoW, DialogBoxParamW, FindWindowA, LoadImageW, InvalidateRect, BeginPaint, MessageBoxW
                    GDI32.dllBitBlt, CreateCompatibleBitmap, CreateFontA, SelectObject, CreateCompatibleDC, StretchBlt, GetStockObject, DeleteDC, SetTextColor, TextOutA, SetBkMode, GetObjectW, DeleteObject, CreateSolidBrush
                    SHELL32.dllSHGetFolderPathA
                    KERNEL32.dllFindFirstFileExW, GetFileSizeEx, WideCharToMultiByte, MultiByteToWideChar, IsValidCodePage, LCMapStringW, CompareStringW, HeapFree, HeapAlloc, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetStringTypeW, GetProcessHeap, FlushFileBuffers, WriteConsoleW, HeapSize, HeapReAlloc, GetCurrentProcessId, SetStdHandle, GetCommandLineW, GetFileAttributesW, DeleteFileW, SizeofResource, FindFirstFileW, FindNextFileW, WriteFile, WaitForMultipleObjects, GetTempPathW, FindClose, CreateFileW, GetSystemDirectoryW, FreeResource, Sleep, LockResource, GlobalAlloc, CloseHandle, CreateThread, LoadResource, FindResourceW, GlobalLock, GetModuleHandleW, GetConsoleWindow, WinExec, GlobalUnlock, GetDriveTypeW, QueryPerformanceCounter, DecodePointer, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, GetCurrentProcess, TerminateProcess, GetCommandLineA, RaiseException, RtlUnwind, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, EncodePointer, SetEndOfFile, SetFilePointerEx, ReadFile, GetConsoleMode, ReadConsoleW, GetFileType, GetConsoleOutputCP, ExitProcess, GetModuleHandleExW, QueryPerformanceFrequency, GetStdHandle, GetModuleFileNameW

                    Possible Origin

                    Language of compilation systemCountry where language is spokenMap
                    EnglishUnited States

                    Network Behavior

                    Network Port Distribution

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Oct 6, 2024 10:09:30.390465975 CEST5351582162.159.36.2192.168.2.5
                    Oct 6, 2024 10:09:30.853179932 CEST5623853192.168.2.51.1.1.1
                    Oct 6, 2024 10:09:30.862533092 CEST53562381.1.1.1192.168.2.5

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Oct 6, 2024 10:09:30.853179932 CEST192.168.2.51.1.1.10x8d09Standard query (0)206.23.85.13.in-addr.arpaPTR (Pointer record)IN (0x0001)false

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Oct 6, 2024 10:09:30.862533092 CEST1.1.1.1192.168.2.50x8d09Name error (3)206.23.85.13.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    Behavior

                    Click to jump to process

                    System Behavior

                    General

                    Target ID:0
                    Start time:04:08:59
                    Start date:06/10/2024
                    Path:C:\Users\user\Desktop\2Nxwe78suT.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\2Nxwe78suT.exe"
                    Imagebase:0x400000
                    File size:6'663'168 bytes
                    MD5 hash:626FAB8275D8D8E841BC9A08B208201E
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:false

                    General

                    Target ID:1
                    Start time:04:08:59
                    Start date:06/10/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff6d64d0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:false

                    General

                    Target ID:3
                    Start time:04:09:00
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:4
                    Start time:04:09:00
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:5
                    Start time:04:09:01
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:6
                    Start time:04:09:01
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:7
                    Start time:04:09:02
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:8
                    Start time:04:09:02
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:9
                    Start time:04:09:03
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:10
                    Start time:04:09:03
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:11
                    Start time:04:09:04
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:12
                    Start time:04:09:04
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:13
                    Start time:04:09:05
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:14
                    Start time:04:09:05
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:15
                    Start time:04:09:06
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:16
                    Start time:04:09:06
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:17
                    Start time:04:09:07
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:18
                    Start time:04:09:07
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:19
                    Start time:04:09:08
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:20
                    Start time:04:09:08
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:21
                    Start time:04:09:09
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:22
                    Start time:04:09:09
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:23
                    Start time:04:09:10
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x7ff6d64d0000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:24
                    Start time:04:09:10
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:25
                    Start time:04:09:11
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:26
                    Start time:04:09:11
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:28
                    Start time:04:09:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:29
                    Start time:04:09:12
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:30
                    Start time:04:09:13
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:31
                    Start time:04:09:13
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:32
                    Start time:04:09:14
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:33
                    Start time:04:09:14
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:34
                    Start time:04:09:15
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:35
                    Start time:04:09:15
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:36
                    Start time:04:09:16
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:37
                    Start time:04:09:16
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:38
                    Start time:04:09:17
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:39
                    Start time:04:09:17
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:40
                    Start time:04:09:18
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:41
                    Start time:04:09:18
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:42
                    Start time:04:09:19
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:43
                    Start time:04:09:19
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:44
                    Start time:04:09:20
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:45
                    Start time:04:09:20
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:46
                    Start time:04:09:21
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:47
                    Start time:04:09:21
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:48
                    Start time:04:09:22
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:49
                    Start time:04:09:23
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:50
                    Start time:04:09:23
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:51
                    Start time:04:09:23
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:52
                    Start time:04:09:24
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:53
                    Start time:04:09:24
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:54
                    Start time:04:09:25
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:55
                    Start time:04:09:26
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:56
                    Start time:04:09:26
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:57
                    Start time:04:09:26
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:58
                    Start time:04:09:27
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:59
                    Start time:04:09:27
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:60
                    Start time:04:09:28
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:61
                    Start time:04:09:29
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:62
                    Start time:04:09:30
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:63
                    Start time:04:09:30
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:64
                    Start time:04:09:31
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:65
                    Start time:04:09:31
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:66
                    Start time:04:09:32
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:67
                    Start time:04:09:32
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:68
                    Start time:04:09:33
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:69
                    Start time:04:09:33
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:70
                    Start time:04:09:34
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:71
                    Start time:04:09:34
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:72
                    Start time:04:09:35
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:73
                    Start time:04:09:35
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:74
                    Start time:04:09:35
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:75
                    Start time:04:09:35
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:76
                    Start time:04:09:36
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:77
                    Start time:04:09:37
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /f /im mmc.exe /t
                    Imagebase:0x8c0000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    General

                    Target ID:78
                    Start time:04:09:37
                    Start date:06/10/2024
                    Path:C:\Windows\SysWOW64\cmd.exe
                    Wow64 process (32bit):true
                    Commandline:cmd.exe /c taskkill /f /im mmc.exe /t
                    Imagebase:0x790000
                    File size:236'544 bytes
                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Has exited:true

                    Disassembly

                    No disassembly