Malware Analysis Report

2025-01-06 09:19

Sample ID 240601-gbd37acc83
Target WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe
SHA256 9fb32a17637b8291d56b2dfad58469416f146235a37a750587eb1a993063c19d
Tags
evasion execution
score
8/10

Analysis Overview

score
8/10

SHA256

9fb32a17637b8291d56b2dfad58469416f146235a37a750587eb1a993063c19d

Threat Level: Likely malicious

The file WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe was found to be: Likely malicious.

Malicious Activity Summary

evasion execution

Stops running service(s)

Suspicious use of NtSetInformationThreadHideFromDebugger

Launches sc.exe

Unsigned PE

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 05:37

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 05:37

Reported

2024-06-01 05:40

Platform

win10v2004-20240426-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe"

Signatures

Stops running service(s)

evasion execution

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1888 wrote to memory of 5100 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 5100 wrote to memory of 2328 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\SystemSettingsAdminFlows.exe
PID 1888 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 2108 wrote to memory of 2152 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1888 wrote to memory of 3160 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 3160 wrote to memory of 3620 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1888 wrote to memory of 3284 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 3284 wrote to memory of 4684 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1888 wrote to memory of 4956 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 4956 wrote to memory of 3932 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1888 wrote to memory of 2324 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 2324 wrote to memory of 4596 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1888 wrote to memory of 4268 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 4268 wrote to memory of 2396 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1888 wrote to memory of 1452 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 1452 wrote to memory of 3952 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1888 wrote to memory of 4152 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 4152 wrote to memory of 4968 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1888 wrote to memory of 3944 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 1888 wrote to memory of 2644 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 2644 wrote to memory of 1004 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 1888 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 2252 wrote to memory of 4948 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 1888 wrote to memory of 1324 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 1324 wrote to memory of 1040 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 1888 wrote to memory of 668 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 668 wrote to memory of 2772 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 1888 wrote to memory of 1712 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 1712 wrote to memory of 4344 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 1888 wrote to memory of 4888 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 4888 wrote to memory of 5076 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 1888 wrote to memory of 688 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe

"C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c SystemSettingsAdminFlows.exe SetInternetTime 1 >nul 2>nul

C:\Windows\system32\SystemSettingsAdminFlows.exe

SystemSettingsAdminFlows.exe SetInternetTime 1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>nul

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>nul

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerProSdk

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>nul

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>nul

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c SystemSettingsAdminFlows.exe SetInternetTime 1 >nul 2>nul

C:\Windows\system32\SystemSettingsAdminFlows.exe

SystemSettingsAdminFlows.exe SetInternetTime 1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 51.89.247.166:5647 tcp
US 8.8.8.8:53 166.247.89.51.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 25.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 udp

Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 05:37

Reported

2024-06-01 05:40

Platform

win7-20240508-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe"

Signatures

Stops running service(s)

evasion execution

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1484 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 1484 wrote to memory of 2828 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 2828 wrote to memory of 2712 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1484 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 2540 wrote to memory of 2640 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1484 wrote to memory of 1860 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 1860 wrote to memory of 1836 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1484 wrote to memory of 2764 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 2764 wrote to memory of 2656 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1484 wrote to memory of 2020 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 2020 wrote to memory of 1440 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1484 wrote to memory of 1948 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 1948 wrote to memory of 1964 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1484 wrote to memory of 1312 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 1312 wrote to memory of 1956 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1484 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 1624 wrote to memory of 1208 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1484 wrote to memory of 468 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 468 wrote to memory of 2356 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 1484 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe
PID 1060 wrote to memory of 484 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\sc.exe
PID 1484 wrote to memory of 1652 N/A C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe

"C:\Users\Admin\AppData\Local\Temp\WL1FIKZrIDoFw7XzP7SHK27KGML6JFbu.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c SystemSettingsAdminFlows.exe SetInternetTime 1 >nul 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>nul

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>nul

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerProSdk

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>nul

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>nul

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c SystemSettingsAdminFlows.exe SetInternetTime 1 >nul 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>nul

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>nul

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerProSdk

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1484 -s 1100

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>nul

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>nul

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>nul

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>nul

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c SystemSettingsAdminFlows.exe SetInternetTime 1 >nul 2>nul

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>nul

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>nul

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>nul

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerProSdk

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>nul

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

Network

Country Destination Domain Proto
GB 51.89.247.166:5647 tcp

Files
