Analysis
-
max time kernel
58s -
max time network
78s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-12-2022 02:53
General
-
Target
c13a77c04a9e6d13275c98f60b63cd2415c622b96bdd31ddfb600d2e6c798d45.exe
-
Size
588KB
-
MD5
e2cf99bafbaf97caeb1e168f08d5b9a7
-
SHA1
93e3f7a0a438ed62058fafecce927960959e64cc
-
SHA256
c13a77c04a9e6d13275c98f60b63cd2415c622b96bdd31ddfb600d2e6c798d45
-
SHA512
ea6b44e5c0381f8c5febecfc114f643871b0d765e9fff7b185d2d8b43de2845e9dcf3f490ccc28fe6b2b07d4396aeccba541fc40d11c7b0c0d979ad6ce5c591b
-
SSDEEP
12288:NeRtB1zxiB1UOab0y8msR/UWyUAMF95ofKxsS+/Oym/+L:uj1xiB1Dab0yiUW1AYSKGSgiWL
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Possible privilege escalation attempt 2 IoCs
-
UPX packed file 64 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
-
Modifies file permissions 1 TTPs 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Kills process with taskkill 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c13a77c04a9e6d13275c98f60b63cd2415c622b96bdd31ddfb600d2e6c798d45.exe"C:\Users\Admin\AppData\Local\Temp\c13a77c04a9e6d13275c98f60b63cd2415c622b96bdd31ddfb600d2e6c798d45.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bd.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\675A.tmp\675B.tmp\675C.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\bd.exe"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\window.exewindow.exe4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6DC2.tmp\6DC3.tmp\6DC4.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f6⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6ECC.tmp\6ECD.tmp\6ECE.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"7⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f8⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6FF5.tmp\6FF6.tmp\6FF7.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"9⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f10⤵
- Executes dropped EXE
- Kills process with taskkill
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\715C.tmp\715D.tmp\715E.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"11⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f12⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7227.tmp\7228.tmp\7229.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"13⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f14⤵
- Executes dropped EXE
- Kills process with taskkill
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\72F2.tmp\72F3.tmp\72F4.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"15⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f16⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\738F.tmp\7390.tmp\7391.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"17⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\742B.tmp\742C.tmp\742D.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"19⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f20⤵
- Executes dropped EXE
- Kills process with taskkill
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7506.tmp\7507.tmp\7508.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"21⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f22⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\75D1.tmp\75E1.tmp\75E2.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"23⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f24⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\76BB.tmp\76CC.tmp\76CD.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"25⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f26⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7786.tmp\7787.tmp\7788.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"27⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f28⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7842.tmp\7843.tmp\7844.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"29⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f30⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\79C8.tmp\79C9.tmp\79EA.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"31⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f32⤵
- Executes dropped EXE
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7AE2.tmp\7AE3.tmp\7AF3.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"33⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f34⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7BBC.tmp\7BBD.tmp\7BBE.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"35⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f36⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7CD6.tmp\7CD7.tmp\7CD8.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"37⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f38⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7DEF.tmp\7E00.tmp\7E01.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"39⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f40⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7EBA.tmp\7EBB.tmp\7EBC.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"41⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f42⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7F76.tmp\7F77.tmp\7F78.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"43⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f44⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8050.tmp\8051.tmp\8052.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"45⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f46⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8179.tmp\81C8.tmp\81C9.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"47⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f48⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\836D.tmp\84C6.tmp\84D7.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"49⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f50⤵
- Executes dropped EXE
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\86C9.tmp\8708.tmp\8709.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"51⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f52⤵
- Executes dropped EXE
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\885F.tmp\8860.tmp\8861.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"53⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f54⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\89E5.tmp\89E6.tmp\89E7.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"55⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f56⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8B3D.tmp\8B3E.tmp\8B3F.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"57⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f58⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8C37.tmp\8C38.tmp\8C39.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"59⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f60⤵
- Executes dropped EXE
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8D7F.tmp\8D80.tmp\8D81.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"61⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f62⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8ED7.tmp\8ED8.tmp\8ED9.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"63⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f64⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8FF0.tmp\8FF1.tmp\8FF2.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"65⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f66⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\90DB.tmp\90DC.tmp\90DD.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"67⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f68⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9187.tmp\9188.tmp\9189.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"69⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f70⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9242.tmp\9253.tmp\9254.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"71⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f72⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\937B.tmp\937C.tmp\937D.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"73⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f74⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9446.tmp\9447.tmp\9448.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"75⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f76⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\956F.tmp\9570.tmp\9571.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"77⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f78⤵
- Executes dropped EXE
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9669.tmp\966A.tmp\966B.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"79⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f80⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\980E.tmp\980F.tmp\9810.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"81⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f82⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\98F9.tmp\98FA.tmp\98FB.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"83⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f84⤵
- Executes dropped EXE
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\99E3.tmp\99E4.tmp\99E5.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"85⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f86⤵
- Executes dropped EXE
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9A7F.tmp\9A90.tmp\9A91.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"87⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f88⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9B89.tmp\9B8A.tmp\9B8B.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"89⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f90⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9C25.tmp\9C26.tmp\9C27.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"91⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f92⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9CC2.tmp\9CC3.tmp\9CC4.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"93⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f94⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9D7D.tmp\9D7E.tmp\9D7F.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"95⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f96⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9E29.tmp\9E2A.tmp\9E2B.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"97⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f98⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9ED5.tmp\9ED6.tmp\9ED7.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"99⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f100⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\9FBF.tmp\9FDF.tmp\9FE0.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"101⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f102⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A0E8.tmp\A0E9.tmp\A0EA.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"103⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f104⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A25F.tmp\A270.tmp\A271.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"105⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f106⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C5F4.tmp\C5F5.tmp\C5F6.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"107⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f108⤵
- Executes dropped EXE
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C6DF.tmp\C6E0.tmp\C6E1.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"109⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f110⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C76B.tmp\C76C.tmp\C76D.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"111⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f112⤵
- Executes dropped EXE
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C8D3.tmp\C8D4.tmp\C8D5.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"113⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f114⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\C9AE.tmp\C9AF.tmp\C9B0.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"115⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f116⤵
- Executes dropped EXE
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CA59.tmp\CA5A.tmp\CA5B.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"117⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f118⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CB15.tmp\CB16.tmp\CB17.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"119⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f120⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CB82.tmp\CB83.tmp\CB84.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"121⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f122⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CC5D.tmp\CC5E.tmp\CC5F.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"123⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f124⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CD38.tmp\CD39.tmp\CD3A.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"125⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f126⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CE13.tmp\CE14.tmp\CE15.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"127⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f128⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CEAF.tmp\CEB0.tmp\CEB1.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"129⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f130⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CF3B.tmp\CF3C.tmp\CF3D.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"131⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f132⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CFF7.tmp\D008.tmp\D009.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"133⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f134⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D0C2.tmp\D0C3.tmp\D0C4.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"135⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f136⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D1AC.tmp\D1AD.tmp\D1AE.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"137⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f138⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D258.tmp\D259.tmp\D25A.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"139⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f140⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D304.tmp\D305.tmp\D306.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"141⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f142⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D391.tmp\D3A1.tmp\D3A2.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"143⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f144⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D42D.tmp\D42E.tmp\D42F.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"145⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f146⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D508.tmp\D518.tmp\D519.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"147⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f148⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D5A4.tmp\D5A5.tmp\D5A6.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"149⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f150⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D631.tmp\D632.tmp\D633.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"151⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f152⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D70B.tmp\D70C.tmp\D70D.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"153⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f154⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D798.tmp\D799.tmp\D79A.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"155⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f156⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D844.tmp\D855.tmp\D856.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"157⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f158⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D94E.tmp\D94F.tmp\D950.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"159⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f160⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\DA96.tmp\DA97.tmp\DA98.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"161⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f162⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\DCA9.tmp\DCAA.tmp\DCAB.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"163⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f164⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\DE10.tmp\DE11.tmp\DE22.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"165⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f166⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\DF1A.tmp\DF1B.tmp\DF1C.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"167⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f168⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\E004.tmp\E005.tmp\E006.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"169⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f170⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\E11E.tmp\E11F.tmp\FC0A.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"171⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f172⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\FCF3.tmp\FCF4.tmp\FCF5.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"173⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f174⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\FE1B.tmp\FE1C.tmp\FE1D.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"175⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f176⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\FEF6.tmp\FEF7.tmp\FEF8.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"177⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f178⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\FF92.tmp\FF93.tmp\FF94.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"179⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f180⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\2F.tmp\30.tmp\31.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"181⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f182⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\AC.tmp\BC.tmp\BD.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"183⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f184⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\158.tmp\159.tmp\15A.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"185⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f186⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\242.tmp\243.tmp\244.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"187⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f188⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\2EE.tmp\2EF.tmp\2F0.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"189⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f190⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\36B.tmp\36C.tmp\36D.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"191⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f192⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\407.tmp\408.tmp\409.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"193⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f194⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\484.tmp\485.tmp\486.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"195⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f196⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\530.tmp\531.tmp\532.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"197⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f198⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5BD.tmp\5BE.tmp\5BF.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"199⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f200⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\697.tmp\6A8.tmp\6A9.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"201⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f202⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7C0.tmp\7C1.tmp\7C2.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"203⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f204⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8E9.tmp\8EA.tmp\8EB.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"205⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f206⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\A31.tmp\A42.tmp\A43.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"207⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f208⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B79.tmp\B7A.tmp\B7B.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"209⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f210⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\D1F.tmp\D20.tmp\D31.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"211⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f212⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\E77.tmp\E78.tmp\E79.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"213⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f214⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\FFE.tmp\FFF.tmp\1000.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"215⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f216⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1107.tmp\1108.tmp\1109.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"217⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f218⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\131A.tmp\131B.tmp\131C.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"219⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f220⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1414.tmp\1415.tmp\1426.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"221⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f222⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\154D.tmp\154E.tmp\154F.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"223⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f224⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\17AE.tmp\17AF.tmp\17C0.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"225⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f226⤵
- Checks computer location settings
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\18D7.tmp\18D8.tmp\18D9.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"227⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f228⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1A1F.tmp\1A20.tmp\1A21.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"229⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f230⤵
- Checks computer location settings
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1B29.tmp\1B2A.tmp\1B2B.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"231⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f232⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1BC5.tmp\1BC6.tmp\1BC7.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"233⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f234⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1C81.tmp\1C82.tmp\1C83.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"235⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f236⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1D1D.tmp\1D1E.tmp\1D1F.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"237⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f238⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1DB9.tmp\1DBA.tmp\1DBB.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exe /im TasKmgr.exe /f"239⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\taskkill.exetaskkill /im TasKmgr.exe /f240⤵