Overview
overview
10Static
static
3main.exe
windows7-x64
1main.exe
windows10-2004-x64
1ransom.exe
windows7-x64
10ransom.exe
windows10-2004-x64
10key_gen/main.exe
windows7-x64
1key_gen/main.exe
windows10-2004-x64
1key_gen/ransom.exe
windows7-x64
9key_gen/ransom.exe
windows10-2004-x64
9ransom/Rel...om.exe
windows7-x64
6ransom/Rel...om.exe
windows10-2004-x64
6ransom/ran...ts.vbs
windows7-x64
1ransom/ran...ts.vbs
windows10-2004-x64
1ransom/ran...hic.js
windows7-x64
3ransom/ran...hic.js
windows10-2004-x64
3ransom/ran...som.js
windows7-x64
3ransom/ran...som.js
windows10-2004-x64
3Analysis
-
max time kernel
150s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
05/11/2024, 16:00
Static task
static1
Behavioral task
behavioral1
Sample
main.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
main.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
ransom.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
ransom.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
key_gen/main.exe
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
key_gen/main.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
key_gen/ransom.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
key_gen/ransom.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
ransom/Release/ransom.exe
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
ransom/Release/ransom.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
ransom/ransom/Crypto/RSA/bigdigits.vbs
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
ransom/ransom/Crypto/RSA/bigdigits.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
ransom/ransom/Cryptographic.js
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
ransom/ransom/Cryptographic.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
ransom/ransom/ransom.js
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
ransom/ransom/ransom.js
Resource
win10v2004-20241007-en
General
-
Target
ransom/Release/ransom.exe
-
Size
6.4MB
-
MD5
626fab8275d8d8e841bc9a08b208201e
-
SHA1
197d5c9c5cbf53ed3e78d53a008b6ad665fa3e4c
-
SHA256
e26db13a9660555448acb7591f382b480b0252d19e3ad6c6678ba5e1f03d6458
-
SHA512
e106cf78731d9a8e75b5e76ecf881bb12262f13b05b805e89f3bede061a4a1ebb738d7a7631fb51801d95717ca34dabb12f7ed4826e6812ceadb0bad98fcb0d0
-
SSDEEP
6144:o3j7hJkMepmEfZsVOM7pNbDMuoKJ+QtDeQYizHMTlaw81FRx3JmfBcOmg:o3nkMS2R6RdQtzH8lhwFbZgaOm
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\j: ransom.exe File opened (read-only) \??\o: ransom.exe File opened (read-only) \??\p: ransom.exe File opened (read-only) \??\t: ransom.exe File opened (read-only) \??\x: ransom.exe File opened (read-only) \??\g: ransom.exe File opened (read-only) \??\i: ransom.exe File opened (read-only) \??\m: ransom.exe File opened (read-only) \??\n: ransom.exe File opened (read-only) \??\y: ransom.exe File opened (read-only) \??\w: ransom.exe File opened (read-only) \??\z: ransom.exe File opened (read-only) \??\q: ransom.exe File opened (read-only) \??\r: ransom.exe File opened (read-only) \??\a: ransom.exe File opened (read-only) \??\b: ransom.exe File opened (read-only) \??\e: ransom.exe File opened (read-only) \??\h: ransom.exe File opened (read-only) \??\k: ransom.exe File opened (read-only) \??\l: ransom.exe File opened (read-only) \??\s: ransom.exe File opened (read-only) \??\u: ransom.exe File opened (read-only) \??\v: ransom.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\tmp.bmp" ransom.exe -
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ransom.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe -
Kills process with taskkill 64 IoCs
pid Process 4932 taskkill.exe 364 taskkill.exe 3804 taskkill.exe 3628 taskkill.exe 4680 taskkill.exe 3772 taskkill.exe 3884 taskkill.exe 2472 taskkill.exe 3344 taskkill.exe 1048 taskkill.exe 724 taskkill.exe 3636 taskkill.exe 2560 taskkill.exe 2840 taskkill.exe 2872 taskkill.exe 4716 taskkill.exe 3672 taskkill.exe 464 taskkill.exe 4084 taskkill.exe 3772 taskkill.exe 964 taskkill.exe 4268 taskkill.exe 2852 taskkill.exe 4804 taskkill.exe 4652 taskkill.exe 2216 taskkill.exe 3020 taskkill.exe 116 taskkill.exe 3176 taskkill.exe 372 taskkill.exe 4812 taskkill.exe 4452 taskkill.exe 3124 taskkill.exe 2444 taskkill.exe 4144 taskkill.exe 4708 taskkill.exe 2644 taskkill.exe 5024 taskkill.exe 4480 taskkill.exe 1304 taskkill.exe 3648 taskkill.exe 3296 taskkill.exe 2408 taskkill.exe 4080 taskkill.exe 4576 taskkill.exe 4892 taskkill.exe 3664 taskkill.exe 3140 taskkill.exe 4876 taskkill.exe 3448 taskkill.exe 3172 taskkill.exe 4264 taskkill.exe 4248 taskkill.exe 2600 taskkill.exe 3652 taskkill.exe 3956 taskkill.exe 232 taskkill.exe 3784 taskkill.exe 2056 taskkill.exe 1104 taskkill.exe 5096 taskkill.exe 2872 taskkill.exe 3392 taskkill.exe 2964 taskkill.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 4576 taskkill.exe Token: SeDebugPrivilege 1048 taskkill.exe Token: SeDebugPrivilege 3628 taskkill.exe Token: SeDebugPrivilege 4312 taskkill.exe Token: SeDebugPrivilege 1344 taskkill.exe Token: SeDebugPrivilege 4892 taskkill.exe Token: SeDebugPrivilege 932 taskkill.exe Token: SeDebugPrivilege 3788 taskkill.exe Token: SeDebugPrivilege 2056 taskkill.exe Token: SeDebugPrivilege 2836 taskkill.exe Token: SeDebugPrivilege 2964 taskkill.exe Token: SeDebugPrivilege 4216 taskkill.exe Token: SeDebugPrivilege 4480 taskkill.exe Token: SeDebugPrivilege 1144 taskkill.exe Token: SeDebugPrivilege 4576 taskkill.exe Token: SeDebugPrivilege 3448 taskkill.exe Token: SeDebugPrivilege 724 taskkill.exe Token: SeDebugPrivilege 4680 taskkill.exe Token: SeDebugPrivilege 4472 taskkill.exe Token: SeDebugPrivilege 1304 taskkill.exe Token: SeDebugPrivilege 4812 taskkill.exe Token: SeDebugPrivilege 3636 taskkill.exe Token: SeDebugPrivilege 3732 taskkill.exe Token: SeDebugPrivilege 2472 taskkill.exe Token: SeDebugPrivilege 3772 taskkill.exe Token: SeDebugPrivilege 1104 taskkill.exe Token: SeDebugPrivilege 3344 taskkill.exe Token: SeDebugPrivilege 5092 taskkill.exe Token: SeDebugPrivilege 3884 taskkill.exe Token: SeDebugPrivilege 4564 taskkill.exe Token: SeDebugPrivilege 2600 taskkill.exe Token: SeDebugPrivilege 540 taskkill.exe Token: SeDebugPrivilege 372 taskkill.exe Token: SeDebugPrivilege 2352 taskkill.exe Token: SeDebugPrivilege 3648 taskkill.exe Token: SeDebugPrivilege 3132 taskkill.exe Token: SeDebugPrivilege 4660 taskkill.exe Token: SeDebugPrivilege 3652 taskkill.exe Token: SeDebugPrivilege 3172 taskkill.exe Token: SeDebugPrivilege 4500 taskkill.exe Token: SeDebugPrivilege 3748 taskkill.exe Token: SeDebugPrivilege 1400 taskkill.exe Token: SeDebugPrivilege 4628 taskkill.exe Token: SeDebugPrivilege 3664 taskkill.exe Token: SeDebugPrivilege 1788 taskkill.exe Token: SeDebugPrivilege 5096 taskkill.exe Token: SeDebugPrivilege 2712 taskkill.exe Token: SeDebugPrivilege 540 taskkill.exe Token: SeDebugPrivilege 4160 taskkill.exe Token: SeDebugPrivilege 464 taskkill.exe Token: SeDebugPrivilege 2660 taskkill.exe Token: SeDebugPrivilege 4084 taskkill.exe Token: SeDebugPrivilege 3876 taskkill.exe Token: SeDebugPrivilege 4812 taskkill.exe Token: SeDebugPrivilege 3340 taskkill.exe Token: SeDebugPrivilege 2852 taskkill.exe Token: SeDebugPrivilege 3636 taskkill.exe Token: SeDebugPrivilege 3652 taskkill.exe Token: SeDebugPrivilege 2472 taskkill.exe Token: SeDebugPrivilege 3772 taskkill.exe Token: SeDebugPrivilege 2836 taskkill.exe Token: SeDebugPrivilege 2964 taskkill.exe Token: SeDebugPrivilege 3532 taskkill.exe Token: SeDebugPrivilege 1788 taskkill.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3012 wrote to memory of 5072 3012 ransom.exe 87 PID 3012 wrote to memory of 5072 3012 ransom.exe 87 PID 3012 wrote to memory of 5072 3012 ransom.exe 87 PID 5072 wrote to memory of 4576 5072 cmd.exe 88 PID 5072 wrote to memory of 4576 5072 cmd.exe 88 PID 5072 wrote to memory of 4576 5072 cmd.exe 88 PID 3012 wrote to memory of 444 3012 ransom.exe 91 PID 3012 wrote to memory of 444 3012 ransom.exe 91 PID 3012 wrote to memory of 444 3012 ransom.exe 91 PID 444 wrote to memory of 1048 444 cmd.exe 92 PID 444 wrote to memory of 1048 444 cmd.exe 92 PID 444 wrote to memory of 1048 444 cmd.exe 92 PID 3012 wrote to memory of 452 3012 ransom.exe 94 PID 3012 wrote to memory of 452 3012 ransom.exe 94 PID 3012 wrote to memory of 452 3012 ransom.exe 94 PID 452 wrote to memory of 3628 452 cmd.exe 95 PID 452 wrote to memory of 3628 452 cmd.exe 95 PID 452 wrote to memory of 3628 452 cmd.exe 95 PID 3012 wrote to memory of 872 3012 ransom.exe 98 PID 3012 wrote to memory of 872 3012 ransom.exe 98 PID 3012 wrote to memory of 872 3012 ransom.exe 98 PID 872 wrote to memory of 4312 872 cmd.exe 99 PID 872 wrote to memory of 4312 872 cmd.exe 99 PID 872 wrote to memory of 4312 872 cmd.exe 99 PID 3012 wrote to memory of 4720 3012 ransom.exe 101 PID 3012 wrote to memory of 4720 3012 ransom.exe 101 PID 3012 wrote to memory of 4720 3012 ransom.exe 101 PID 4720 wrote to memory of 1344 4720 cmd.exe 102 PID 4720 wrote to memory of 1344 4720 cmd.exe 102 PID 4720 wrote to memory of 1344 4720 cmd.exe 102 PID 3012 wrote to memory of 3512 3012 ransom.exe 103 PID 3012 wrote to memory of 3512 3012 ransom.exe 103 PID 3012 wrote to memory of 3512 3012 ransom.exe 103 PID 3512 wrote to memory of 4892 3512 cmd.exe 104 PID 3512 wrote to memory of 4892 3512 cmd.exe 104 PID 3512 wrote to memory of 4892 3512 cmd.exe 104 PID 3012 wrote to memory of 4356 3012 ransom.exe 105 PID 3012 wrote to memory of 4356 3012 ransom.exe 105 PID 3012 wrote to memory of 4356 3012 ransom.exe 105 PID 4356 wrote to memory of 932 4356 cmd.exe 106 PID 4356 wrote to memory of 932 4356 cmd.exe 106 PID 4356 wrote to memory of 932 4356 cmd.exe 106 PID 3012 wrote to memory of 2560 3012 ransom.exe 108 PID 3012 wrote to memory of 2560 3012 ransom.exe 108 PID 3012 wrote to memory of 2560 3012 ransom.exe 108 PID 2560 wrote to memory of 3788 2560 cmd.exe 109 PID 2560 wrote to memory of 3788 2560 cmd.exe 109 PID 2560 wrote to memory of 3788 2560 cmd.exe 109 PID 3012 wrote to memory of 2248 3012 ransom.exe 110 PID 3012 wrote to memory of 2248 3012 ransom.exe 110 PID 3012 wrote to memory of 2248 3012 ransom.exe 110 PID 2248 wrote to memory of 2056 2248 cmd.exe 111 PID 2248 wrote to memory of 2056 2248 cmd.exe 111 PID 2248 wrote to memory of 2056 2248 cmd.exe 111 PID 3012 wrote to memory of 5060 3012 ransom.exe 112 PID 3012 wrote to memory of 5060 3012 ransom.exe 112 PID 3012 wrote to memory of 5060 3012 ransom.exe 112 PID 5060 wrote to memory of 2836 5060 cmd.exe 113 PID 5060 wrote to memory of 2836 5060 cmd.exe 113 PID 5060 wrote to memory of 2836 5060 cmd.exe 113 PID 3012 wrote to memory of 3532 3012 ransom.exe 116 PID 3012 wrote to memory of 3532 3012 ransom.exe 116 PID 3012 wrote to memory of 3532 3012 ransom.exe 116 PID 3532 wrote to memory of 2964 3532 cmd.exe 117
Processes
-
C:\Users\Admin\AppData\Local\Temp\ransom\Release\ransom.exe"C:\Users\Admin\AppData\Local\Temp\ransom\Release\ransom.exe"1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3012 -
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5072 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4576
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:444 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1048
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:452 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3628
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:872 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4312
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:4720 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1344
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:3512 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4892
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:4356 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:932
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:2560 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3788
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:2248 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2056
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:5060 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2836
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:3532 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2964
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2288
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4216
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:60
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4480
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:540
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1144
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:3984 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4576
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3988
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3448
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4092
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:724
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:5028
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4680
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1192
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4472
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4200
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1304
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:852 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4812
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3952
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3636
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1504
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3732
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1604
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2472
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1528
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3772
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2560
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1104
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:392 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3344
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1732
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:5092
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4928
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3884
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4748
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4564
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4396
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2600
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1144
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:540
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4824
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:372
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:1048 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2352
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2324
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3648
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1812
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3132
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4120
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4660
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4504
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3652
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:1992 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3172
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1868
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4500
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2540 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3748
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4696
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1400
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4856
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4628
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1016
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3664
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1832
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1788
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2872
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5096
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2376
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2712
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3460
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:540
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3464
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4160
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2972
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:464
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1356
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2660
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1652
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4084
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4876
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3876
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2516
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4812
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1812
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3340
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1304
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2852
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:4920 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3636
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1504
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3652
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2900
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2472
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3656
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3772
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:5032
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2836
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4696
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2964
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4800
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3532
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4480
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1788
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:700
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:116
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:5096
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2872
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3200
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:4144
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:1096 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:1080
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:444
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:2664
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:3804 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1048
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:3628 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:4680
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2704
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:4812
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3672
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:3340
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:452 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:4592
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2976 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:4820
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:3732 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1816
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1768
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:4900
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2900 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:964
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1912
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:4932
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:4640 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:5104
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1396
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:2560
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3020
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2540
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:5060 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2964
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4724
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:364
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3120
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:3936
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1788
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:3160
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3076
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:3296
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1240
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:1412
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:5096
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:4652
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1144
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:4264
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1172
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:3464
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:760 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:2352
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:444 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:4452
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3236
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:432
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2876
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:3124
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3512
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:5084
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1512
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:4460
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:5116 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2840
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:452
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2408
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4740
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:3392
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1868
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:4268
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1324
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:4228
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1568
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:3140
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3356
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:2872
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2200
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:3928
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2992
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:3956
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3988
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1356
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2160
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2444
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2324
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:4876
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1048
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:2516
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4892
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2216
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3360
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:4716
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:372 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:3672
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2768
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2852
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1428
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:4356
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:864
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:4500
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2892 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:4268
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4868
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:3344
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3636
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:4080
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4660
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2580
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1324
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:3020
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3476
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:5048
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4484
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:852
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4564
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:5052
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2712 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:4800
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3924
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:4240
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4264
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:4832
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2992 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1096
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:5072
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:636
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2160
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:3804
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4084
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:3176
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3132
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:232
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2040 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:4460
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3360
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:4708
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4644
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2840
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2020
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2540
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2472
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:4804
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2976
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:4820
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4856
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1572
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:4212
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:5024
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:5048
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2644
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3884
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:116
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:4440 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:3784
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:428
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1896
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2600
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:4248
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2076
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:1200
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3356
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2872
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:5076
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1508
-
-