Analysis Overview
SHA256
f976368908d75ad474cb16762742852803ae91d1727197a80e9c55ec9e910b89
Threat Level: Known bad
The file PhantomSolutions.exe was found to be: Known bad.
Malicious Activity Summary
Cerber
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Stops running service(s)
Themida packer
Executes dropped EXE
Checks BIOS information in registry
Checks whether UAC is enabled
Suspicious use of NtSetInformationThreadHideFromDebugger
Drops file in System32 directory
Launches sc.exe
Program crash
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Suspicious behavior: LoadsDriver
Suspicious use of WriteProcessMemory
Modifies system certificate store
Runs net.exe
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-20 04:01
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 04:01
Reported
2024-06-20 04:03
Platform
win7-20240419-en
Max time kernel
120s
Max time network
120s
Command Line
Signatures
Stops running service(s)
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\PhantomSolutions.exe |
Kills process with taskkill
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\PhantomSolutions.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Temp\PhantomSolutions.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | C:\Users\Admin\AppData\Local\Temp\PhantomSolutions.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob | C:\Users\Admin\AppData\Local\Temp\PhantomSolutions.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\PhantomSolutions.exe
"C:\Users\Admin\AppData\Local\Temp\PhantomSolutions.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg32.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg32.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerProSdk >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker3 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker3
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker2 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker2
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker1 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker1
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop wireshark >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop wireshark
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq die*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebugger.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im FolderChangesView.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im FolderChangesView.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HttpDebuggerSdk >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HttpDebuggerSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop npf >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop npf
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 1616
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im OllyDbg.exe >nul 2>&1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | keyauth.win | udp |
| US | 104.26.0.5:443 | keyauth.win | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.63.101.171:80 | apps.identrust.com | tcp |
Files
memory/2372-0-0x0000000073FBE000-0x0000000073FBF000-memory.dmp
memory/2372-1-0x0000000000820000-0x0000000000C52000-memory.dmp
memory/2372-2-0x0000000073FB0000-0x000000007469E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab6B7.tmp
C:\Users\Admin\AppData\Local\Temp\Tar75A.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
memory/2372-69-0x0000000073FB0000-0x000000007469E000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 04:01
Reported
2024-06-20 04:07
Platform
win10v2004-20240611-en
Max time kernel
385s
Max time network
278s
Command Line
Signatures
Cerber
| Description | Indicator | Process | Target |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | N/A | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | N/A | N/A |
Stops running service(s)
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | N/A | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | N/A | N/A |
Executes dropped EXE
Themida packer
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\wbem\repository\MAPPING1.MAP | N/A | N/A |
| File opened for modification | C:\Windows\system32\wbem\repository\MAPPING2.MAP | N/A | N/A |
| File opened for modification | C:\Windows\system32\wbem\repository\MAPPING3.MAP | N/A | N/A |
| File opened for modification | C:\Windows\system32\wbem\repository\OBJECTS.DATA | N/A | N/A |
| File opened for modification | C:\Windows\system32\wbem\repository\INDEX.BTR | N/A | N/A |
| File opened for modification | C:\Windows\system32\wbem\repository | N/A | N/A |
| File opened for modification | C:\Windows\system32\wbem\repository\WRITABLE.TST | N/A | N/A |
Suspicious use of NtSetInformationThreadHideFromDebugger
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Runs net.exe
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\PhantomSolutions.exe
"C:\Users\Admin\AppData\Local\Temp\PhantomSolutions.exe"
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg32.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg32.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerProSdk >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker3 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker3
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker2 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker2
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker1 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker1
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop wireshark >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop wireshark
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq die*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebugger.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im FolderChangesView.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im FolderChangesView.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HttpDebuggerSdk >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HttpDebuggerSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop npf >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop npf
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg32.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg32.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerProSdk >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker3 >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker3
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker2 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker2
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker1 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker1
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop wireshark >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop wireshark
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:ShellFeedsUI.AppXnj65k2d1a1rnztt2t2nng5ctmk3e76pn.mca
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq die*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebugger.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im FolderChangesView.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im FolderChangesView.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HttpDebuggerSdk >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HttpDebuggerSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop npf >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop npf
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg32.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg32.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerProSdk >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker3 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker3
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker2 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker2
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker1 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker1
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop wireshark >nul 2>&1
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\sc.exe
sc stop wireshark
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq die*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebugger.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im FolderChangesView.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im FolderChangesView.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HttpDebuggerSdk >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\sc.exe
sc stop HttpDebuggerSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop npf >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\sc.exe
sc stop npf
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg32.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg32.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerProSdk >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker3 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker3
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker2 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker2
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker1 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker1
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop wireshark >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\sc.exe
sc stop wireshark
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq die*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebugger.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im FolderChangesView.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im FolderChangesView.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HttpDebuggerSdk >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HttpDebuggerSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop npf >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\sc.exe
sc stop npf
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg64.exe >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg32.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg32.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv pj8SAT2SCUicCRR6TV5inw.0.2
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerProSdk >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker3 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker3
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker2 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker2
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker1 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker1
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop wireshark >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop wireshark
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq die*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebugger.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im FolderChangesView.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im FolderChangesView.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HttpDebuggerSdk >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\sc.exe
sc stop HttpDebuggerSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop npf >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop npf
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg64.exe >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg32.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg32.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq die*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebugger.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im FolderChangesView.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im FolderChangesView.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HttpDebuggerSdk >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HttpDebuggerSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop npf >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop npf
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg64.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg64.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im Dbg32.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Dbg32.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerProSdk >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerProSdk
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker3 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker3
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker2 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker2
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop KProcessHacker1 >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop KProcessHacker1
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop wireshark >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop wireshark
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c sc stop HTTPDebuggerPro >nul 2>&1
C:\Windows\SysWOW64\sc.exe
sc stop HTTPDebuggerPro
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /FI "IMAGENAME eq die*" /IM * /F /T
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im HTTPDebugger.exe
C:\Windows\SysWOW64\cmd.exe
"cmd.exe" /c taskkill /f /im FolderChangesView.exe >nul 2>&1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | keyauth.win | udp |
| US | 172.67.72.57:443 | keyauth.win | tcp |
| US | 8.8.8.8:53 | 57.72.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.117.168.52.in-addr.arpa | udp |
Files
C:\PhantomSolutions\AppleCleaner.exe
| MD5 | f96eb2236970fb3ea97101b923af4228 |
| SHA1 | e0eed80f1054acbf5389a7b8860a4503dd3e184a |
| SHA256 | 46fe5192387d3f897a134d29c069ebf39c72094c892134d2f0e77b12b11a6172 |
| SHA512 | 2fd2d28c5f571d40b43a4dd7a22d367ba42420c29627f21ca0a2052070ffb9f689d80dad638238189eed26ed19af626f47e70f1207e10007041c620dac323cc7 |
C:\PhantomSolutions\zhjers.exe
| MD5 | f17ecf761e70feb98c7f628857eedfe7 |
| SHA1 | b2c1263c641bdaee8266a05a0afbb455e29e240d |
| SHA256 | 311f5c844746d4270b5b971ccef8d74ddedca873eb45f34a1a55f1ea4a3bafcf |
| SHA512 | e5a5f56a85ee0a372990914314b750d5f970b5f91e9084621d63378a3a16a6e64904786883cd026d8aa313606c32667d2a83703f8a22fa800230a6467684d084 |
C:\PhantomSolutions\amifldrv64.sys
| MD5 | f22740ba54a400fd2be7690bb204aa08 |
| SHA1 | 5812387783d61c6ab5702213bb968590a18065e3 |
| SHA256 | 65c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9 |
| SHA512 | ac1f89736cf348f634b526569b5783118a1a35324f9ce2f2804001e5a04751f8cc21d09bfa1c4803cd14a64152beba868f5ecf119f10fa3ccbe680d2fb481500 |