Windows Analysis Report
sos.exe

AV Detection

Source: sos.exe

Avira: detected

Source: Submited Sample

Integrated Neural Analysis Model: Matched 91.0% probability

Compliance

Source: sos.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Software Vulnerabilities

Source: C:\Users\user\Desktop\sos.exe	Code function: 4x nop then mov rdi, 0000800000000000h		0_2_00EC9C80
Source: C:\Users\user\Desktop\sos.exe	Code function: 4x nop then sub rbx, qword ptr [rax+18h]		0_2_00EBFC20
Source: C:\Users\user\Desktop\sos.exe	Code function: 4x nop then mov rsi, r9		0_2_00ECB100

Networking

Source: global traffic

TCP traffic: 192.168.2.6:49710 -> 77.90.38.170:1445

Source: unknown	TCP traffic detected without corresponding DNS query: 77.90.38.170
Source: unknown	TCP traffic detected without corresponding DNS query: 77.90.38.170
Source: unknown	TCP traffic detected without corresponding DNS query: 77.90.38.170
Source: unknown	TCP traffic detected without corresponding DNS query: 77.90.38.170
Source: unknown	TCP traffic detected without corresponding DNS query: 77.90.38.170

System Summary

Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00ECC4A0		0_2_00ECC4A0
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EDB0A0		0_2_00EDB0A0
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EC9C80		0_2_00EC9C80
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EB5485		0_2_00EB5485
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EA6060		0_2_00EA6060
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EB9C08		0_2_00EB9C08
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EB6000		0_2_00EB6000
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EAC5C0		0_2_00EAC5C0
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EED5C0		0_2_00EED5C0
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EAD180		0_2_00EAD180
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EC6560		0_2_00EC6560
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EEF140		0_2_00EEF140
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00ECA100		0_2_00ECA100
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00ECB100		0_2_00ECB100
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EA52E0		0_2_00EA52E0
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EBD2A0		0_2_00EBD2A0
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EBEEA0		0_2_00EBEEA0
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EB9680		0_2_00EB9680
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00ED4280		0_2_00ED4280
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EEA680		0_2_00EEA680
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EC7240		0_2_00EC7240
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EA5BE0		0_2_00EA5BE0
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EA97E0		0_2_00EA97E0
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EB3760		0_2_00EB3760
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00ED7720		0_2_00ED7720
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EBFF00		0_2_00EBFF00
Source: C:\Users\user\Desktop\sos.exe	Code function: 0_2_00EEDF00		0_2_00EEDF00

Source: C:\Users\user\Desktop\sos.exe	Code function: String function: 00ED8DC0 appears 348 times
Source: C:\Users\user\Desktop\sos.exe	Code function: String function: 00ED6C00 appears 255 times
Source: C:\Users\user\Desktop\sos.exe	Code function: String function: 00ED8540 appears 41 times

Source: classification engine

Classification label: mal60.evad.winEXE@3392/0@0/1

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3416:120:WilError_03

Source: C:\Users\user\Desktop\sos.exe

File opened: C:\Windows\system32\f4e7babac34c7568a12c321ae46a477852dd3a0bd46b9f8ad02561aef5edee99AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: sos.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\sos.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: sos.exe

String found in binary or memory: net/addrselect.go

Source: unknown	Process created: C:\Users\user\Desktop\sos.exe "C:\Users\user\Desktop\sos.exe"
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c

Source: C:\Users\user\Desktop\sos.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Section loaded: powrprof.dll			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Section loaded: umpdc.dll			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Section loaded: mswsock.dll			Jump to behavior

Source: sos.exe

Static file information: File size 2015232 > 1048576

Source: sos.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Data Obfuscation

Source: sos.exe

Static PE information: section name: .symtab

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\sos.exe	Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\sos.exe

Code function: 0_2_00F02E20 rdtscp

0_2_00F02E20

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\cmd.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: sos.exe, 00000000.00000002.3370634259.000001A15D5AC000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging

Source: C:\Users\user\Desktop\sos.exe

Code function: 0_2_00F02E20 Start: 00F02E29 End: 00F02E3F

0_2_00F02E20

Source: C:\Users\user\Desktop\sos.exe

Code function: 0_2_00F02E20 rdtscp

0_2_00F02E20

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior
Source: C:\Users\user\Desktop\sos.exe	Process created: C:\Windows\System32\cmd.exe cmd /c			Jump to behavior