Overview
overview
10Static
static
3main.exe
windows7-x64
1main.exe
windows10-2004-x64
1ransom.exe
windows7-x64
10ransom.exe
windows10-2004-x64
10key_gen/main.exe
windows7-x64
1key_gen/main.exe
windows10-2004-x64
1key_gen/ransom.exe
windows7-x64
9key_gen/ransom.exe
windows10-2004-x64
9ransom/Rel...om.exe
windows7-x64
6ransom/Rel...om.exe
windows10-2004-x64
6ransom/ran...ts.vbs
windows7-x64
1ransom/ran...ts.vbs
windows10-2004-x64
1ransom/ran...hic.js
windows7-x64
3ransom/ran...hic.js
windows10-2004-x64
3ransom/ran...som.js
windows7-x64
3ransom/ran...som.js
windows10-2004-x64
3Analysis
-
max time kernel
150s -
max time network
20s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
05/11/2024, 16:00
Static task
static1
Behavioral task
behavioral1
Sample
main.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
main.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
ransom.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
ransom.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
key_gen/main.exe
Resource
win7-20240729-en
Behavioral task
behavioral6
Sample
key_gen/main.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
key_gen/ransom.exe
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
key_gen/ransom.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
ransom/Release/ransom.exe
Resource
win7-20240729-en
Behavioral task
behavioral10
Sample
ransom/Release/ransom.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
ransom/ransom/Crypto/RSA/bigdigits.vbs
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
ransom/ransom/Crypto/RSA/bigdigits.vbs
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
ransom/ransom/Cryptographic.js
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
ransom/ransom/Cryptographic.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
ransom/ransom/ransom.js
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
ransom/ransom/ransom.js
Resource
win10v2004-20241007-en
General
-
Target
ransom/Release/ransom.exe
-
Size
6.4MB
-
MD5
626fab8275d8d8e841bc9a08b208201e
-
SHA1
197d5c9c5cbf53ed3e78d53a008b6ad665fa3e4c
-
SHA256
e26db13a9660555448acb7591f382b480b0252d19e3ad6c6678ba5e1f03d6458
-
SHA512
e106cf78731d9a8e75b5e76ecf881bb12262f13b05b805e89f3bede061a4a1ebb738d7a7631fb51801d95717ca34dabb12f7ed4826e6812ceadb0bad98fcb0d0
-
SSDEEP
6144:o3j7hJkMepmEfZsVOM7pNbDMuoKJ+QtDeQYizHMTlaw81FRx3JmfBcOmg:o3nkMS2R6RdQtzH8lhwFbZgaOm
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\i: ransom.exe File opened (read-only) \??\s: ransom.exe File opened (read-only) \??\x: ransom.exe File opened (read-only) \??\g: ransom.exe File opened (read-only) \??\j: ransom.exe File opened (read-only) \??\k: ransom.exe File opened (read-only) \??\o: ransom.exe File opened (read-only) \??\p: ransom.exe File opened (read-only) \??\r: ransom.exe File opened (read-only) \??\u: ransom.exe File opened (read-only) \??\v: ransom.exe File opened (read-only) \??\a: ransom.exe File opened (read-only) \??\b: ransom.exe File opened (read-only) \??\e: ransom.exe File opened (read-only) \??\l: ransom.exe File opened (read-only) \??\m: ransom.exe File opened (read-only) \??\q: ransom.exe File opened (read-only) \??\w: ransom.exe File opened (read-only) \??\z: ransom.exe File opened (read-only) \??\h: ransom.exe File opened (read-only) \??\n: ransom.exe File opened (read-only) \??\t: ransom.exe File opened (read-only) \??\y: ransom.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\tmp.bmp" ransom.exe -
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe -
Kills process with taskkill 64 IoCs
pid Process 2836 taskkill.exe 1700 taskkill.exe 2004 taskkill.exe 616 taskkill.exe 2424 taskkill.exe 1960 taskkill.exe 1880 taskkill.exe 2252 taskkill.exe 2468 taskkill.exe 1948 taskkill.exe 2724 taskkill.exe 1088 taskkill.exe 2972 taskkill.exe 2072 taskkill.exe 304 taskkill.exe 2092 taskkill.exe 1264 taskkill.exe 2992 taskkill.exe 976 taskkill.exe 2516 taskkill.exe 1932 taskkill.exe 1732 taskkill.exe 1804 taskkill.exe 2332 taskkill.exe 2816 taskkill.exe 2320 taskkill.exe 1752 taskkill.exe 2164 taskkill.exe 2000 taskkill.exe 1724 taskkill.exe 3044 taskkill.exe 2800 taskkill.exe 1148 taskkill.exe 3068 taskkill.exe 2684 taskkill.exe 1376 taskkill.exe 2312 taskkill.exe 2624 taskkill.exe 616 taskkill.exe 2660 taskkill.exe 652 taskkill.exe 2564 taskkill.exe 3016 taskkill.exe 2084 taskkill.exe 2516 taskkill.exe 1136 taskkill.exe 2156 taskkill.exe 3052 taskkill.exe 3032 taskkill.exe 1112 taskkill.exe 1312 taskkill.exe 3056 taskkill.exe 280 taskkill.exe 3056 taskkill.exe 1696 taskkill.exe 2516 taskkill.exe 1312 taskkill.exe 264 taskkill.exe 2880 taskkill.exe 2216 taskkill.exe 2348 taskkill.exe 536 taskkill.exe 2108 taskkill.exe 2004 taskkill.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 2224 taskkill.exe Token: SeDebugPrivilege 2816 taskkill.exe Token: SeDebugPrivilege 2820 taskkill.exe Token: SeDebugPrivilege 2444 taskkill.exe Token: SeDebugPrivilege 2660 taskkill.exe Token: SeDebugPrivilege 2732 taskkill.exe Token: SeDebugPrivilege 3056 taskkill.exe Token: SeDebugPrivilege 3032 taskkill.exe Token: SeDebugPrivilege 2516 taskkill.exe Token: SeDebugPrivilege 1932 taskkill.exe Token: SeDebugPrivilege 288 taskkill.exe Token: SeDebugPrivilege 1112 taskkill.exe Token: SeDebugPrivilege 1724 taskkill.exe Token: SeDebugPrivilege 1264 taskkill.exe Token: SeDebugPrivilege 1792 taskkill.exe Token: SeDebugPrivilege 1752 taskkill.exe Token: SeDebugPrivilege 2600 taskkill.exe Token: SeDebugPrivilege 2060 taskkill.exe Token: SeDebugPrivilege 2360 taskkill.exe Token: SeDebugPrivilege 2064 taskkill.exe Token: SeDebugPrivilege 2624 taskkill.exe Token: SeDebugPrivilege 2968 taskkill.exe Token: SeDebugPrivilege 1784 taskkill.exe Token: SeDebugPrivilege 1880 taskkill.exe Token: SeDebugPrivilege 1720 taskkill.exe Token: SeDebugPrivilege 2132 taskkill.exe Token: SeDebugPrivilege 2400 taskkill.exe Token: SeDebugPrivilege 1888 taskkill.exe Token: SeDebugPrivilege 1968 taskkill.exe Token: SeDebugPrivilege 2320 taskkill.exe Token: SeDebugPrivilege 2108 taskkill.exe Token: SeDebugPrivilege 2812 taskkill.exe Token: SeDebugPrivilege 2920 taskkill.exe Token: SeDebugPrivilege 304 taskkill.exe Token: SeDebugPrivilege 2680 taskkill.exe Token: SeDebugPrivilege 3052 taskkill.exe Token: SeDebugPrivilege 1700 taskkill.exe Token: SeDebugPrivilege 2468 taskkill.exe Token: SeDebugPrivilege 2516 taskkill.exe Token: SeDebugPrivilege 1932 taskkill.exe Token: SeDebugPrivilege 2000 taskkill.exe Token: SeDebugPrivilege 1112 taskkill.exe Token: SeDebugPrivilege 1724 taskkill.exe Token: SeDebugPrivilege 1264 taskkill.exe Token: SeDebugPrivilege 1792 taskkill.exe Token: SeDebugPrivilege 1752 taskkill.exe Token: SeDebugPrivilege 2152 taskkill.exe Token: SeDebugPrivilege 2252 taskkill.exe Token: SeDebugPrivilege 2164 taskkill.exe Token: SeDebugPrivilege 2216 taskkill.exe Token: SeDebugPrivilege 2004 taskkill.exe Token: SeDebugPrivilege 2528 taskkill.exe Token: SeDebugPrivilege 1312 taskkill.exe Token: SeDebugPrivilege 616 taskkill.exe Token: SeDebugPrivilege 1696 taskkill.exe Token: SeDebugPrivilege 2092 taskkill.exe Token: SeDebugPrivilege 2400 taskkill.exe Token: SeDebugPrivilege 1172 taskkill.exe Token: SeDebugPrivilege 1936 taskkill.exe Token: SeDebugPrivilege 2312 taskkill.exe Token: SeDebugPrivilege 2544 taskkill.exe Token: SeDebugPrivilege 2932 taskkill.exe Token: SeDebugPrivilege 2836 taskkill.exe Token: SeDebugPrivilege 2832 taskkill.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2268 wrote to memory of 2952 2268 ransom.exe 30 PID 2268 wrote to memory of 2952 2268 ransom.exe 30 PID 2268 wrote to memory of 2952 2268 ransom.exe 30 PID 2268 wrote to memory of 2952 2268 ransom.exe 30 PID 2952 wrote to memory of 2224 2952 cmd.exe 31 PID 2952 wrote to memory of 2224 2952 cmd.exe 31 PID 2952 wrote to memory of 2224 2952 cmd.exe 31 PID 2952 wrote to memory of 2224 2952 cmd.exe 31 PID 2268 wrote to memory of 2984 2268 ransom.exe 33 PID 2268 wrote to memory of 2984 2268 ransom.exe 33 PID 2268 wrote to memory of 2984 2268 ransom.exe 33 PID 2268 wrote to memory of 2984 2268 ransom.exe 33 PID 2984 wrote to memory of 2816 2984 cmd.exe 34 PID 2984 wrote to memory of 2816 2984 cmd.exe 34 PID 2984 wrote to memory of 2816 2984 cmd.exe 34 PID 2984 wrote to memory of 2816 2984 cmd.exe 34 PID 2268 wrote to memory of 2972 2268 ransom.exe 35 PID 2268 wrote to memory of 2972 2268 ransom.exe 35 PID 2268 wrote to memory of 2972 2268 ransom.exe 35 PID 2268 wrote to memory of 2972 2268 ransom.exe 35 PID 2972 wrote to memory of 2820 2972 cmd.exe 36 PID 2972 wrote to memory of 2820 2972 cmd.exe 36 PID 2972 wrote to memory of 2820 2972 cmd.exe 36 PID 2972 wrote to memory of 2820 2972 cmd.exe 36 PID 2268 wrote to memory of 2684 2268 ransom.exe 37 PID 2268 wrote to memory of 2684 2268 ransom.exe 37 PID 2268 wrote to memory of 2684 2268 ransom.exe 37 PID 2268 wrote to memory of 2684 2268 ransom.exe 37 PID 2684 wrote to memory of 2444 2684 cmd.exe 38 PID 2684 wrote to memory of 2444 2684 cmd.exe 38 PID 2684 wrote to memory of 2444 2684 cmd.exe 38 PID 2684 wrote to memory of 2444 2684 cmd.exe 38 PID 2268 wrote to memory of 2716 2268 ransom.exe 39 PID 2268 wrote to memory of 2716 2268 ransom.exe 39 PID 2268 wrote to memory of 2716 2268 ransom.exe 39 PID 2268 wrote to memory of 2716 2268 ransom.exe 39 PID 2716 wrote to memory of 2660 2716 cmd.exe 40 PID 2716 wrote to memory of 2660 2716 cmd.exe 40 PID 2716 wrote to memory of 2660 2716 cmd.exe 40 PID 2716 wrote to memory of 2660 2716 cmd.exe 40 PID 2268 wrote to memory of 2724 2268 ransom.exe 41 PID 2268 wrote to memory of 2724 2268 ransom.exe 41 PID 2268 wrote to memory of 2724 2268 ransom.exe 41 PID 2268 wrote to memory of 2724 2268 ransom.exe 41 PID 2724 wrote to memory of 2732 2724 cmd.exe 42 PID 2724 wrote to memory of 2732 2724 cmd.exe 42 PID 2724 wrote to memory of 2732 2724 cmd.exe 42 PID 2724 wrote to memory of 2732 2724 cmd.exe 42 PID 2268 wrote to memory of 2200 2268 ransom.exe 43 PID 2268 wrote to memory of 2200 2268 ransom.exe 43 PID 2268 wrote to memory of 2200 2268 ransom.exe 43 PID 2268 wrote to memory of 2200 2268 ransom.exe 43 PID 2200 wrote to memory of 3056 2200 cmd.exe 44 PID 2200 wrote to memory of 3056 2200 cmd.exe 44 PID 2200 wrote to memory of 3056 2200 cmd.exe 44 PID 2200 wrote to memory of 3056 2200 cmd.exe 44 PID 2268 wrote to memory of 2944 2268 ransom.exe 45 PID 2268 wrote to memory of 2944 2268 ransom.exe 45 PID 2268 wrote to memory of 2944 2268 ransom.exe 45 PID 2268 wrote to memory of 2944 2268 ransom.exe 45 PID 2944 wrote to memory of 3032 2944 cmd.exe 46 PID 2944 wrote to memory of 3032 2944 cmd.exe 46 PID 2944 wrote to memory of 3032 2944 cmd.exe 46 PID 2944 wrote to memory of 3032 2944 cmd.exe 46
Processes
-
C:\Users\Admin\AppData\Local\Temp\ransom\Release\ransom.exe"C:\Users\Admin\AppData\Local\Temp\ransom\Release\ransom.exe"1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Suspicious use of WriteProcessMemory
PID:2268 -
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:2952 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2224
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:2984 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2816
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:2972 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2820
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:2684 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2444
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2716 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2660
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:2724 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2732
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:2200 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3056
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- Suspicious use of WriteProcessMemory
PID:2944 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3032
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2080
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2516
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1876
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1932
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1404
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:288
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:268
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1112
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2564
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1724
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:1924 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1264
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1296
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1792
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:892
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1752
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2088 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2600
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1940
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2060
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:1484 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2360
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1976
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2064
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:664 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2624
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3036
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2968
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:3020 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1784
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1540
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1880
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2084
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1720
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2044
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2132
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:388
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2400
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:264
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1888
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2576
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1968
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2956
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2320
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2596 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2108
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2952
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2812
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2792
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2920
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2884 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:304
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2772
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2680
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2712 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3052
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2160 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1700
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2220
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2468
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2408
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2516
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:980
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1932
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1992
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2000
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2096
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1112
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:900
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:1724
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:768 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1264
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:292
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1792
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1256
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1752
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2208
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2152
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2292 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2252
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1604
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2164
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1084
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2216
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2548
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2004
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1960
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2528
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:872
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1312
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1772
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:616
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1668
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1696
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:936
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2092
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1336
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2400
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:1624 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1172
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1948
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:1936
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3012
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2312
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2028 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2544
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2768 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Suspicious use of AdjustPrivilegeToken
PID:2932
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2696 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2836
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2828
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2832
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2672 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2656
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2780
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:3044
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3056
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:1700
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3032
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2468
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:780
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2516
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1692
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1932
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:652
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:2000
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2376
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1112
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2564
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:576
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1148
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:1264
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1748
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1792
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:3068 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1752
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2088 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2152
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1940
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2252
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1548
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2164
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:1976 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2216
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2552
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:2004
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3036
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2528
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:1784 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:1312
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1444
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:616
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2084 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1696
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2044
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2092
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1980
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2400
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:264 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:700
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:1936 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:1948
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2320
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2740
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2028
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2800
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2768
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2936
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2696
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:2296
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2828
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2660
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2672
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2724
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3044
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:1860
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2728
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2900
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2700
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2424
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2188
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2476
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2520 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2156
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1932
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1692
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:288
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:652
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:408
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2376
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:576
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2564
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1264
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:1148
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:1792 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1748
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1752
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:3068
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2088
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2232
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1940
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2492
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2360
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:536
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1952
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:3016
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2552
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2008
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2180
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2648
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:956
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:1732
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1532
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:836
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:1696 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2084
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2132
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:1088
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2400
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2428
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:700
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:264
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:1948 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1936
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2456
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2348
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2952
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2880
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2852 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:2972
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:304
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2684
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2796
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2716
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2656 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:2928
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2780
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:824
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2388 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:3056
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:3060 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:636
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2300
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1500
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:3032
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:1376
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2520
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1992
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1404
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:764
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:756
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2148
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:900
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:1136
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1248
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2840
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1196
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2072
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2100
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:2992
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2292
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:2396
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2252
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:280
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2164
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:1804
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2240
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:996
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2004
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:1960
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵
- System Location Discovery: System Language Discovery
PID:2324 -
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
PID:2332
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:692
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:1920
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:352
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵PID:920
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:1740
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- System Location Discovery: System Language Discovery
PID:936
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im mmc.exe /t2⤵PID:2340
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im mmc.exe /t3⤵
- Kills process with taskkill
PID:976
-
-