Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/11/2024, 16:00

General

  • Target

    key_gen/ransom.exe

  • Size

    6.4MB

  • MD5

    38fb9ac2e51d04182faf81afbef08ab8

  • SHA1

    1f325950a7a8e1a2050e954f33d2c3774510bd6e

  • SHA256

    1363c8871061ff83ed3dd0fe025b274442d5c30898c02bdfd4981717f4f33b44

  • SHA512

    8af5062d6d133379b0ad87439cdf99fc98bff266f03c0a831f84c0c41224c7a97e8e0a5583e8d4b24c04edd0bc6099646ebea3388ffe2fe7917b709604e63406

  • SSDEEP

    6144:iODh8y70MgJ+j2ZsKmj82uGBOOGHO0GL2g6VzxazESJx2sYMLoI4H4voKJ+QtDeJ:ik70MZMc0RdQtzH8lhwFbZgaOm

Score
9/10

Malware Config

Signatures

  • Renames multiple (147) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops desktop.ini file(s) 23 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Kills process with taskkill 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\key_gen\ransom.exe
    "C:\Users\Admin\AppData\Local\Temp\key_gen\ransom.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Suspicious use of WriteProcessMemory
    PID:3928
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im mmc.exe /t
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1516
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im mmc.exe /t
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:3132
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im mmc.exe /t
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4544
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im mmc.exe /t
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:1004
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im mmc.exe /t
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1604
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im mmc.exe /t
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:1764
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im mmc.exe /t
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3780
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im mmc.exe /t
        3⤵
        • System Location Discovery: System Language Discovery
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:2812
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im mmc.exe /t
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2984
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im mmc.exe /t
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4328
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im mmc.exe /t
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1172
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im mmc.exe /t
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:5112
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im mmc.exe /t
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4900
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im mmc.exe /t
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4980
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im mmc.exe /t
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im mmc.exe /t
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:3012
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im mmc.exe /t
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4356
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im mmc.exe /t
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2980
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im mmc.exe /t
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:636
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im mmc.exe /t
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4020
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im mmc.exe /t
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2244
      • C:\Windows\SysWOW64\taskkill.exe
        taskkill /f /im mmc.exe /t
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4948
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c taskkill /f /im mmc.exe /t
      2⤵
        PID:4504
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /f /im mmc.exe /t
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4412
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /c taskkill /f /im mmc.exe /t
        2⤵
          PID:3096
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /f /im mmc.exe /t
            3⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:4796
        • C:\Windows\SysWOW64\cmd.exe
          cmd.exe /c taskkill /f /im mmc.exe /t
          2⤵
            PID:2840
            • C:\Windows\SysWOW64\taskkill.exe
              taskkill /f /im mmc.exe /t
              3⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              PID:656
          • C:\Windows\SysWOW64\cmd.exe
            cmd.exe /c taskkill /f /im mmc.exe /t
            2⤵
              PID:3648
              • C:\Windows\SysWOW64\taskkill.exe
                taskkill /f /im mmc.exe /t
                3⤵
                • Kills process with taskkill
                • Suspicious use of AdjustPrivilegeToken
                PID:788
            • C:\Windows\SysWOW64\cmd.exe
              cmd.exe /c taskkill /f /im mmc.exe /t
              2⤵
                PID:232
                • C:\Windows\SysWOW64\taskkill.exe
                  taskkill /f /im mmc.exe /t
                  3⤵
                  • Kills process with taskkill
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4268
              • C:\Windows\SysWOW64\cmd.exe
                cmd.exe /c taskkill /f /im mmc.exe /t
                2⤵
                  PID:2320
                  • C:\Windows\SysWOW64\taskkill.exe
                    taskkill /f /im mmc.exe /t
                    3⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:4472
                • C:\Windows\SysWOW64\cmd.exe
                  cmd.exe /c taskkill /f /im mmc.exe /t
                  2⤵
                    PID:4320
                    • C:\Windows\SysWOW64\taskkill.exe
                      taskkill /f /im mmc.exe /t
                      3⤵
                      • Kills process with taskkill
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2332
                  • C:\Windows\SysWOW64\cmd.exe
                    cmd.exe /c taskkill /f /im mmc.exe /t
                    2⤵
                      PID:4404
                      • C:\Windows\SysWOW64\taskkill.exe
                        taskkill /f /im mmc.exe /t
                        3⤵
                        • Kills process with taskkill
                        • Suspicious use of AdjustPrivilegeToken
                        PID:528
                    • C:\Windows\SysWOW64\cmd.exe
                      cmd.exe /c taskkill /f /im mmc.exe /t
                      2⤵
                        PID:1820
                        • C:\Windows\SysWOW64\taskkill.exe
                          taskkill /f /im mmc.exe /t
                          3⤵
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1588
                      • C:\Windows\SysWOW64\cmd.exe
                        cmd.exe /c taskkill /f /im mmc.exe /t
                        2⤵
                          PID:1860
                          • C:\Windows\SysWOW64\taskkill.exe
                            taskkill /f /im mmc.exe /t
                            3⤵
                            • Suspicious use of AdjustPrivilegeToken
                            PID:4648
                        • C:\Windows\SysWOW64\cmd.exe
                          cmd.exe /c taskkill /f /im mmc.exe /t
                          2⤵
                            PID:4088
                            • C:\Windows\SysWOW64\taskkill.exe
                              taskkill /f /im mmc.exe /t
                              3⤵
                              • System Location Discovery: System Language Discovery
                              • Suspicious use of AdjustPrivilegeToken
                              PID:4864
                          • C:\Windows\SysWOW64\cmd.exe
                            cmd.exe /c taskkill /f /im mmc.exe /t
                            2⤵
                              PID:3464
                              • C:\Windows\SysWOW64\taskkill.exe
                                taskkill /f /im mmc.exe /t
                                3⤵
                                • Kills process with taskkill
                                • Suspicious use of AdjustPrivilegeToken
                                PID:3232
                            • C:\Windows\SysWOW64\cmd.exe
                              cmd.exe /c taskkill /f /im mmc.exe /t
                              2⤵
                              • System Location Discovery: System Language Discovery
                              PID:4568
                              • C:\Windows\SysWOW64\taskkill.exe
                                taskkill /f /im mmc.exe /t
                                3⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2796
                            • C:\Windows\SysWOW64\cmd.exe
                              cmd.exe /c taskkill /f /im mmc.exe /t
                              2⤵
                                PID:4860
                                • C:\Windows\SysWOW64\taskkill.exe
                                  taskkill /f /im mmc.exe /t
                                  3⤵
                                  • Kills process with taskkill
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:3792
                              • C:\Windows\SysWOW64\cmd.exe
                                cmd.exe /c taskkill /f /im mmc.exe /t
                                2⤵
                                • System Location Discovery: System Language Discovery
                                PID:3500
                                • C:\Windows\SysWOW64\taskkill.exe
                                  taskkill /f /im mmc.exe /t
                                  3⤵
                                  • Kills process with taskkill
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:2492
                              • C:\Windows\SysWOW64\cmd.exe
                                cmd.exe /c taskkill /f /im mmc.exe /t
                                2⤵
                                • System Location Discovery: System Language Discovery
                                PID:4304
                                • C:\Windows\SysWOW64\taskkill.exe
                                  taskkill /f /im mmc.exe /t
                                  3⤵
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:4020
                              • C:\Windows\SysWOW64\cmd.exe
                                cmd.exe /c taskkill /f /im mmc.exe /t
                                2⤵
                                • System Location Discovery: System Language Discovery
                                PID:2532
                                • C:\Windows\SysWOW64\taskkill.exe
                                  taskkill /f /im mmc.exe /t
                                  3⤵
                                  • Kills process with taskkill
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:2200
                              • C:\Windows\SysWOW64\cmd.exe
                                cmd.exe /c taskkill /f /im mmc.exe /t
                                2⤵
                                  PID:3448
                                  • C:\Windows\SysWOW64\taskkill.exe
                                    taskkill /f /im mmc.exe /t
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:3740
                                • C:\Windows\SysWOW64\cmd.exe
                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                  2⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:856
                                  • C:\Windows\SysWOW64\taskkill.exe
                                    taskkill /f /im mmc.exe /t
                                    3⤵
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2816
                                • C:\Windows\SysWOW64\cmd.exe
                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                  2⤵
                                    PID:1092
                                    • C:\Windows\SysWOW64\taskkill.exe
                                      taskkill /f /im mmc.exe /t
                                      3⤵
                                      • Kills process with taskkill
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:2968
                                  • C:\Windows\SysWOW64\cmd.exe
                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                    2⤵
                                      PID:4092
                                      • C:\Windows\SysWOW64\taskkill.exe
                                        taskkill /f /im mmc.exe /t
                                        3⤵
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:3136
                                    • C:\Windows\SysWOW64\cmd.exe
                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                      2⤵
                                        PID:4872
                                        • C:\Windows\SysWOW64\taskkill.exe
                                          taskkill /f /im mmc.exe /t
                                          3⤵
                                          • Kills process with taskkill
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:1072
                                      • C:\Windows\SysWOW64\cmd.exe
                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                        2⤵
                                          PID:2076
                                          • C:\Windows\SysWOW64\taskkill.exe
                                            taskkill /f /im mmc.exe /t
                                            3⤵
                                            • System Location Discovery: System Language Discovery
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:2396
                                        • C:\Windows\SysWOW64\cmd.exe
                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                          2⤵
                                            PID:1504
                                            • C:\Windows\SysWOW64\taskkill.exe
                                              taskkill /f /im mmc.exe /t
                                              3⤵
                                              • Kills process with taskkill
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:412
                                          • C:\Windows\SysWOW64\cmd.exe
                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                            2⤵
                                              PID:1268
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /f /im mmc.exe /t
                                                3⤵
                                                • Kills process with taskkill
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:808
                                            • C:\Windows\SysWOW64\cmd.exe
                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                              2⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:3984
                                              • C:\Windows\SysWOW64\taskkill.exe
                                                taskkill /f /im mmc.exe /t
                                                3⤵
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:3284
                                            • C:\Windows\SysWOW64\cmd.exe
                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                              2⤵
                                                PID:4864
                                                • C:\Windows\SysWOW64\taskkill.exe
                                                  taskkill /f /im mmc.exe /t
                                                  3⤵
                                                  • System Location Discovery: System Language Discovery
                                                  • Kills process with taskkill
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:4088
                                              • C:\Windows\SysWOW64\cmd.exe
                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                2⤵
                                                  PID:2088
                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                    taskkill /f /im mmc.exe /t
                                                    3⤵
                                                    • Kills process with taskkill
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:3464
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                  2⤵
                                                    PID:5052
                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                      taskkill /f /im mmc.exe /t
                                                      3⤵
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:2484
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                    2⤵
                                                      PID:3012
                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                        taskkill /f /im mmc.exe /t
                                                        3⤵
                                                        • System Location Discovery: System Language Discovery
                                                        • Kills process with taskkill
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:1608
                                                    • C:\Windows\SysWOW64\cmd.exe
                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                      2⤵
                                                        PID:2980
                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                          taskkill /f /im mmc.exe /t
                                                          3⤵
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:2648
                                                      • C:\Windows\SysWOW64\cmd.exe
                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                        2⤵
                                                          PID:4196
                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                            taskkill /f /im mmc.exe /t
                                                            3⤵
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:1972
                                                        • C:\Windows\SysWOW64\cmd.exe
                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                          2⤵
                                                            PID:4188
                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                              taskkill /f /im mmc.exe /t
                                                              3⤵
                                                              • Kills process with taskkill
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:2244
                                                          • C:\Windows\SysWOW64\cmd.exe
                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                            2⤵
                                                              PID:2064
                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                taskkill /f /im mmc.exe /t
                                                                3⤵
                                                                • System Location Discovery: System Language Discovery
                                                                • Kills process with taskkill
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:2288
                                                            • C:\Windows\SysWOW64\cmd.exe
                                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                                              2⤵
                                                                PID:2544
                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                  taskkill /f /im mmc.exe /t
                                                                  3⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:4976
                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                2⤵
                                                                • System Location Discovery: System Language Discovery
                                                                PID:2836
                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                  taskkill /f /im mmc.exe /t
                                                                  3⤵
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:540
                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                2⤵
                                                                • System Location Discovery: System Language Discovery
                                                                PID:2812
                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                  taskkill /f /im mmc.exe /t
                                                                  3⤵
                                                                  • Kills process with taskkill
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:2100
                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                2⤵
                                                                  PID:3172
                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                    taskkill /f /im mmc.exe /t
                                                                    3⤵
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:2760
                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                                  2⤵
                                                                    PID:3136
                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                      taskkill /f /im mmc.exe /t
                                                                      3⤵
                                                                      • Kills process with taskkill
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:4092
                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                                    2⤵
                                                                      PID:4396
                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                        taskkill /f /im mmc.exe /t
                                                                        3⤵
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:5080
                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                                      2⤵
                                                                        PID:3648
                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                          taskkill /f /im mmc.exe /t
                                                                          3⤵
                                                                          • Kills process with taskkill
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:2464
                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                        2⤵
                                                                          PID:3224
                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                            taskkill /f /im mmc.exe /t
                                                                            3⤵
                                                                            • Kills process with taskkill
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:948
                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                          2⤵
                                                                            PID:4060
                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                              taskkill /f /im mmc.exe /t
                                                                              3⤵
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:2932
                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                            2⤵
                                                                            • System Location Discovery: System Language Discovery
                                                                            PID:4328
                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                              taskkill /f /im mmc.exe /t
                                                                              3⤵
                                                                              • Kills process with taskkill
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:2856
                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                            2⤵
                                                                              PID:5112
                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                taskkill /f /im mmc.exe /t
                                                                                3⤵
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:3964
                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                                                              2⤵
                                                                              • System Location Discovery: System Language Discovery
                                                                              PID:1176
                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                taskkill /f /im mmc.exe /t
                                                                                3⤵
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:4272
                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                                                              2⤵
                                                                                PID:3820
                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                  taskkill /f /im mmc.exe /t
                                                                                  3⤵
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:4980
                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                2⤵
                                                                                  PID:4360
                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                    taskkill /f /im mmc.exe /t
                                                                                    3⤵
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    PID:1344
                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                  2⤵
                                                                                    PID:432
                                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                                      taskkill /f /im mmc.exe /t
                                                                                      3⤵
                                                                                      • Kills process with taskkill
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:2336
                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                    2⤵
                                                                                      PID:3652
                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                        taskkill /f /im mmc.exe /t
                                                                                        3⤵
                                                                                        • Kills process with taskkill
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:4664
                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                      2⤵
                                                                                        PID:1844
                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                          taskkill /f /im mmc.exe /t
                                                                                          3⤵
                                                                                          • Kills process with taskkill
                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                          PID:4020
                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                        2⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:2704
                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                          taskkill /f /im mmc.exe /t
                                                                                          3⤵
                                                                                          • Kills process with taskkill
                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                          PID:3504
                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                        2⤵
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        PID:1876
                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                          taskkill /f /im mmc.exe /t
                                                                                          3⤵
                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                          PID:3496
                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                        2⤵
                                                                                          PID:2064
                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                            taskkill /f /im mmc.exe /t
                                                                                            3⤵
                                                                                              PID:4264
                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                            2⤵
                                                                                              PID:4692
                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                taskkill /f /im mmc.exe /t
                                                                                                3⤵
                                                                                                  PID:1520
                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                2⤵
                                                                                                  PID:3208
                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                    taskkill /f /im mmc.exe /t
                                                                                                    3⤵
                                                                                                      PID:4532
                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                    2⤵
                                                                                                      PID:4684
                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                        3⤵
                                                                                                          PID:4268
                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                        2⤵
                                                                                                          PID:1304
                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                            taskkill /f /im mmc.exe /t
                                                                                                            3⤵
                                                                                                              PID:4916
                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                            2⤵
                                                                                                              PID:3936
                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                taskkill /f /im mmc.exe /t
                                                                                                                3⤵
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:2476
                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                              2⤵
                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                              PID:2396
                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                taskkill /f /im mmc.exe /t
                                                                                                                3⤵
                                                                                                                  PID:4056
                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                2⤵
                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                PID:1732
                                                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                  taskkill /f /im mmc.exe /t
                                                                                                                  3⤵
                                                                                                                    PID:1352
                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                  2⤵
                                                                                                                    PID:2272
                                                                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                      taskkill /f /im mmc.exe /t
                                                                                                                      3⤵
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      • Kills process with taskkill
                                                                                                                      PID:4704
                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                    2⤵
                                                                                                                      PID:3964
                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                                        3⤵
                                                                                                                        • Kills process with taskkill
                                                                                                                        PID:5112
                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                      2⤵
                                                                                                                        PID:3804
                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                          taskkill /f /im mmc.exe /t
                                                                                                                          3⤵
                                                                                                                            PID:3164
                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                          2⤵
                                                                                                                            PID:3776
                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                              taskkill /f /im mmc.exe /t
                                                                                                                              3⤵
                                                                                                                              • Kills process with taskkill
                                                                                                                              PID:5036
                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                            2⤵
                                                                                                                              PID:4744
                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                taskkill /f /im mmc.exe /t
                                                                                                                                3⤵
                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                PID:1716
                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                              2⤵
                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                              PID:3200
                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                taskkill /f /im mmc.exe /t
                                                                                                                                3⤵
                                                                                                                                  PID:2372
                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                2⤵
                                                                                                                                  PID:1920
                                                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                    taskkill /f /im mmc.exe /t
                                                                                                                                    3⤵
                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                    PID:1356
                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                  2⤵
                                                                                                                                    PID:3792
                                                                                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                      taskkill /f /im mmc.exe /t
                                                                                                                                      3⤵
                                                                                                                                        PID:3012
                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                      2⤵
                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                      PID:1004
                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                                                        3⤵
                                                                                                                                          PID:2828
                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                        2⤵
                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                        PID:1376
                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                          taskkill /f /im mmc.exe /t
                                                                                                                                          3⤵
                                                                                                                                            PID:3436
                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                          2⤵
                                                                                                                                            PID:2848
                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                              taskkill /f /im mmc.exe /t
                                                                                                                                              3⤵
                                                                                                                                              • Kills process with taskkill
                                                                                                                                              PID:2736
                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                            2⤵
                                                                                                                                              PID:3032
                                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                taskkill /f /im mmc.exe /t
                                                                                                                                                3⤵
                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                PID:1032
                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                              2⤵
                                                                                                                                                PID:2288
                                                                                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                  taskkill /f /im mmc.exe /t
                                                                                                                                                  3⤵
                                                                                                                                                  • Kills process with taskkill
                                                                                                                                                  PID:2456
                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                2⤵
                                                                                                                                                  PID:900
                                                                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                    taskkill /f /im mmc.exe /t
                                                                                                                                                    3⤵
                                                                                                                                                      PID:4688
                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                    2⤵
                                                                                                                                                      PID:3448
                                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                                                                        3⤵
                                                                                                                                                          PID:2536
                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                        2⤵
                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                        PID:4184
                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                          taskkill /f /im mmc.exe /t
                                                                                                                                                          3⤵
                                                                                                                                                            PID:4636
                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                          2⤵
                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                          PID:4884
                                                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                            taskkill /f /im mmc.exe /t
                                                                                                                                                            3⤵
                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                            PID:5016
                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                          2⤵
                                                                                                                                                            PID:3708
                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                              taskkill /f /im mmc.exe /t
                                                                                                                                                              3⤵
                                                                                                                                                                PID:3780
                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                              2⤵
                                                                                                                                                                PID:4480
                                                                                                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                  taskkill /f /im mmc.exe /t
                                                                                                                                                                  3⤵
                                                                                                                                                                  • Kills process with taskkill
                                                                                                                                                                  PID:4992
                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:3480
                                                                                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                    taskkill /f /im mmc.exe /t
                                                                                                                                                                    3⤵
                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                    • Kills process with taskkill
                                                                                                                                                                    PID:4396
                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:3136
                                                                                                                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                      taskkill /f /im mmc.exe /t
                                                                                                                                                                      3⤵
                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                      PID:3428
                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:740
                                                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                                                                                        3⤵
                                                                                                                                                                          PID:232
                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:2504
                                                                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                            taskkill /f /im mmc.exe /t
                                                                                                                                                                            3⤵
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                            PID:2024
                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                          2⤵
                                                                                                                                                                            PID:4292
                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                              taskkill /f /im mmc.exe /t
                                                                                                                                                                              3⤵
                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                              PID:532
                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                            2⤵
                                                                                                                                                                              PID:4788
                                                                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                taskkill /f /im mmc.exe /t
                                                                                                                                                                                3⤵
                                                                                                                                                                                • Kills process with taskkill
                                                                                                                                                                                PID:4296
                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                              2⤵
                                                                                                                                                                                PID:344
                                                                                                                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                  taskkill /f /im mmc.exe /t
                                                                                                                                                                                  3⤵
                                                                                                                                                                                    PID:1268
                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                  2⤵
                                                                                                                                                                                    PID:3964
                                                                                                                                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                      taskkill /f /im mmc.exe /t
                                                                                                                                                                                      3⤵
                                                                                                                                                                                        PID:1892
                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                      2⤵
                                                                                                                                                                                        PID:1404
                                                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                          taskkill /f /im mmc.exe /t
                                                                                                                                                                                          3⤵
                                                                                                                                                                                          • Kills process with taskkill
                                                                                                                                                                                          PID:4244
                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                        2⤵
                                                                                                                                                                                          PID:2704
                                                                                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                            taskkill /f /im mmc.exe /t
                                                                                                                                                                                            3⤵
                                                                                                                                                                                              PID:1984
                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                            2⤵
                                                                                                                                                                                              PID:1684
                                                                                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                taskkill /f /im mmc.exe /t
                                                                                                                                                                                                3⤵
                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                • Kills process with taskkill
                                                                                                                                                                                                PID:2004
                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                              2⤵
                                                                                                                                                                                                PID:4976
                                                                                                                                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                  taskkill /f /im mmc.exe /t
                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                    PID:456
                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                    PID:1848
                                                                                                                                                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                      taskkill /f /im mmc.exe /t
                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                                                      PID:2804
                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                      PID:3708
                                                                                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                        • Kills process with taskkill
                                                                                                                                                                                                        PID:1336
                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                        PID:1948
                                                                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                          taskkill /f /im mmc.exe /t
                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                          • Kills process with taskkill
                                                                                                                                                                                                          PID:4684
                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                          PID:4340
                                                                                                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                            taskkill /f /im mmc.exe /t
                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                            PID:2464
                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                            PID:4916
                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                              taskkill /f /im mmc.exe /t
                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                PID:2476
                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                PID:2020
                                                                                                                                                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                  taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                    PID:3864
                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                    PID:4040
                                                                                                                                                                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                      taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                                                                      PID:4924
                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                      PID:4056
                                                                                                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                          PID:4876
                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                          PID:4296
                                                                                                                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                            taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                              PID:4788
                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                            PID:1808
                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                              taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                              PID:1820
                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                              PID:4864
                                                                                                                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                  PID:4576
                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                PID:2336
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                  taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                    PID:2368
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                  PID:3876
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                    taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                    • Kills process with taskkill
                                                                                                                                                                                                                                    PID:808
                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                    PID:2292
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                      taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                                                                                      PID:2028
                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                      PID:4664
                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                        PID:1964
                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                        PID:3544
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                          taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                            PID:3680
                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                            PID:2704
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                              taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                              PID:1220
                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                              PID:3788
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                • Kills process with taskkill
                                                                                                                                                                                                                                                PID:4640
                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                              cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                              2⤵
                                                                                                                                                                                                                                                PID:4868
                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                  taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                  PID:2544
                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                  PID:3728
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                    taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                      PID:1192
                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                      PID:4020
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                        • Kills process with taskkill
                                                                                                                                                                                                                                                        PID:2808
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                      PID:4636
                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                        • Kills process with taskkill
                                                                                                                                                                                                                                                        PID:2096
                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                        PID:3448
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                          taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                            PID:2000
                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                            PID:2536
                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                              taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                              PID:2100
                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                              PID:1092
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                  PID:964
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                  PID:4396
                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                    taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                      PID:3400
                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                    PID:4332
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                      taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                        PID:3940
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                      PID:2036
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                          PID:2932
                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                          PID:4384
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                            taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                                                            PID:3936
                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                          PID:3696
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                            taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                              PID:728
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                            PID:4788
                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                              taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                              • Kills process with taskkill
                                                                                                                                                                                                                                                                              PID:4296
                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                              PID:1820
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                  PID:1268
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                PID:1404
                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                  taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                  • Kills process with taskkill
                                                                                                                                                                                                                                                                                  PID:2828
                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                  PID:4504
                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                    taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                    • Kills process with taskkill
                                                                                                                                                                                                                                                                                    PID:3496
                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                    PID:3544
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                      taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                        PID:4356
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                      PID:2704
                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                        PID:4372
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                      cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                      2⤵
                                                                                                                                                                                                                                                                                        PID:2200
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                          taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                            PID:4492
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                            PID:4392
                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                              taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                              • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                              PID:1376
                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                            cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                            2⤵
                                                                                                                                                                                                                                                                                              PID:3728
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                  PID:1608
                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                2⤵
                                                                                                                                                                                                                                                                                                • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                PID:1764
                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                  taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                    PID:5016
                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                  cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                                                                                                                    PID:3352
                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                      taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                      • Kills process with taskkill
                                                                                                                                                                                                                                                                                                      PID:4044
                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                    cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                                                                                                                      PID:368
                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                        taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                          PID:2684
                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                        cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                        2⤵
                                                                                                                                                                                                                                                                                                          PID:2536
                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                            taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                                                                                            PID:180
                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                          PID:3912
                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                            taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                            • Kills process with taskkill
                                                                                                                                                                                                                                                                                                            PID:4980
                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                                          cmd.exe /c taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                          2⤵
                                                                                                                                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                                                                                                                                          PID:5040
                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                            taskkill /f /im mmc.exe /t
                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                              PID:4572

                                                                                                                                                                                                                                                                                                        Network

                                                                                                                                                                                                                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                              Replay Monitor

                                                                                                                                                                                                                                                                                                              Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                              Downloads