Analysis Overview
SHA256: 9fb32a17637b8291d56b2dfad58469416f146235a37a750587eb1a993063c19d
Threat Level: Likely malicious
The file WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe was found to be: Likely malicious.
Malicious Activity Summary
Stops running service(s)
Suspicious use of NtSetInformationThreadHideFromDebugger
Launches sc.exe
Unsigned PE
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported: 2024-06-01 05:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-01 05:37
Reported: 2024-06-01 05:40
Platform: win10v2004-20240426-en
Max time kernel: 149s
Max time network: 151s
Command Line
Signatures
Stops running service(s)
Suspicious use of NtSetInformationThreadHideFromDebugger
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\sc.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe
"C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c SystemSettingsAdminFlows.exe SetInternetTime 1 >nul 2>nul
C:\Windows\system32\SystemSettingsAdminFlows.exe
SystemSettingsAdminFlows.exe SetInternetTime 1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker3
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>nul
C:\Windows\system32\sc.exe
sc stop wireshark
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>nul
C:\Windows\system32\sc.exe
sc stop npf
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-01 05:37
Reported: 2024-06-01 05:40
Platform: win7-20240508-en
Max time kernel: 122s
Max time network: 123s
Command Line
Signatures
Stops running service(s)
Suspicious use of NtSetInformationThreadHideFromDebugger
Launches sc.exe
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe
"C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c SystemSettingsAdminFlows.exe SetInternetTime 1 >nul 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker3
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>nul
C:\Windows\system32\sc.exe
sc stop wireshark
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>nul
C:\Windows\system32\sc.exe
sc stop npf
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1484 -s 1100
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>nul
C:\Windows\system32\sc.exe
sc stop wireshark
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>nul
C:\Windows\system32\sc.exe
sc stop npf
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c SystemSettingsAdminFlows.exe SetInternetTime 1 >nul 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker3
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>nul
C:\Windows\system32\sc.exe
sc stop wireshark
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>nul
C:\Windows\system32\sc.exe
sc stop npf
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c SystemSettingsAdminFlows.exe SetInternetTime 1 >nul 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker3
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>nul
C:\Windows\system32\sc.exe
sc stop wireshark
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>nul
C:\Windows\system32\sc.exe
sc stop npf
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c SystemSettingsAdminFlows.exe SetInternetTime 1 >nul 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker3
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>nul
C:\Windows\system32\sc.exe
sc stop wireshark
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>nul
C:\Windows\system32\sc.exe
sc stop npf
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c SystemSettingsAdminFlows.exe SetInternetTime 1 >nul 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker3
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>nul
C:\Windows\system32\sc.exe
sc stop wireshark
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>nul
C:\Windows\system32\sc.exe
sc stop npf
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c SystemSettingsAdminFlows.exe SetInternetTime 1 >nul 2>nul
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>nul
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>nul
C:\Windows\system32\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker3
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>nul
C:\Windows\system32\sc.exe
sc stop KProcessHacker1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>nul
C:\Windows\system32\sc.exe
sc stop wireshark
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>nul
C:\Windows\system32\sc.exe
sc stop npf
C:\Windows\system32\cmd.exe
Network
| Country | Destination | Domain | Proto |
| GB | 51.89.247.166:5647 | N/A | tcp |
Files