Analysis
max time kernel: 140s
max time network: 227s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 26-06-2024 12:26
Static task: static1
Behavioral task: behavioral1
Sample: AnyDesk.exe
Resource: win10-20240404-en
Behavioral task: behavioral2
Sample: AnyDesk.exe
Resource: win10v2004-20240508-en
General
Target: AnyDesk.exe
Size: 5.1MB
MD5: aee6801792d67607f228be8cec8291f9
SHA1: bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256: 1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
SHA512: 09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
SSDEEP: 98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR
Malware Config
Signatures
-
Looks for VirtualBox Guest Additions in registry 2 TTPs 1 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | Blueberry Free Swoofer.exe
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | Blueberry Free Swoofer.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | Blueberry Free Swoofer.exe
-
resource | yara_rule
behavioral1/files/0x000e00000001ac2c-451.dat | vmprotect
behavioral1/files/0x000e00000001ac2c-475.dat | vmprotect
behavioral1/memory/5004-478-0x00007FF79E010000-0x00007FF79E8F7000-memory.dmp | vmprotect
-
Downloads MZ/PE file
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow | ioc
53 | raw.githubusercontent.com
52 | raw.githubusercontent.com
-
Drops file in System32 directory 15 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db | AnyDesk.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db | AnyDesk.exe
-
Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 1 IoCs
Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.
description | ioc | Process
File opened (read-only) | \??\VBoxMiniRdrDN | Blueberry Free Swoofer.exe
-
Executes dropped EXE 1 IoCs
pid | Process
5004 | Blueberry Free Swoofer.exe
-
Launches sc.exe 22 IoCs
Sc.exe is a Windows utility to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | AnyDesk.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AnyDesk.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
-
Kills process with taskkill 64 IoCs
-
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings | firefox.exe
-
NTFS ADS 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\Downloads\Blueberry Free Swoofer.exe:Zone.Identifier | firefox.exe
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid | Process
4404 | AnyDesk.exe
-
Suspicious behavior: EnumeratesProcesses 26 IoCs
pid | Process
2168 | AnyDesk.exe
5004 | Blueberry Free Swoofer.exe
-
Suspicious behavior: LoadsDriver 1 IoCs
pid | Process
624 | Process not Found
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid | Process
4404 | AnyDesk.exe
3884 | firefox.exe
5004 | Blueberry Free Swoofer.exe
-
Suspicious use of SendNotifyMessage 9 IoCs
pid | Process
4404 | AnyDesk.exe
3884 | firefox.exe
-
Suspicious use of SetWindowsHookEx 7 IoCs
pid | Process
4540 | AnyDesk.exe
3884 | firefox.exe
5004 | Blueberry Free Swoofer.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4300 wrote to memory of 2168 | 4300 | AnyDesk.exe | 73
PID 4300 wrote to memory of 4404 | 4300 | AnyDesk.exe | 74
PID 3136 wrote to memory of 3884 | 3136 | firefox.exe | 84
PID 3884 wrote to memory of 4556 | 3884 | firefox.exe | 85
PID 3884 wrote to memory of 4140 | 3884 | firefox.exe | 86
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:4300 -
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2168 -
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend3⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:4540
-
-
-
C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control2⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4404
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x38c1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2992
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:368
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3136 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3884 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.0.1546790538\1489199427" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a83e3921-1efd-4d9b-86dd-fdd8a3b0304a} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 1796 25d7d8d8458 gpu3⤵PID:4556
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.1.855491774\1053699062" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3996eff-b6e1-4759-869c-89fd45cdecf5} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 2152 25d7d7fbc58 socket3⤵
- Checks processor information in registry
PID:4140
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.2.1919139020\191223638" -childID 1 -isForBrowser -prefsHandle 2724 -prefMapHandle 2852 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9644bac8-180b-4e75-ac55-9379c0863487} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 2928 25d022b8f58 tab3⤵PID:4312
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.3.793801263\237681544" -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 3536 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {103e78d7-5d13-43ad-95fe-d03ba96f917b} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 3544 25d03111058 tab3⤵PID:2772
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.4.630676053\20312612" -childID 3 -isForBrowser -prefsHandle 4396 -prefMapHandle 4316 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abe177a3-f2a8-4330-b4f9-3735598ec866} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 4404 25d04804d58 tab3⤵PID:4928
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.5.26356846\1735182918" -childID 4 -isForBrowser -prefsHandle 4892 -prefMapHandle 4904 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f9cb915-bb32-4209-8241-1dd36a6d64f5} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 4912 25d03145258 tab3⤵PID:5000
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.6.1680764667\1457358836" -childID 5 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29a927a9-76f6-4690-9bdc-cc34d56f1fd7} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 4936 25d04bb2558 tab3⤵PID:2356
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3884.7.1532518522\1298502764" -childID 6 -isForBrowser -prefsHandle 5248 -prefMapHandle 5252 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f238b57e-2343-4d4f-aa7b-f5b37177ffb4} 3884 "\\.\pipe\gecko-crash-server-pipe.3884" 5332 25d04bb3158 tab3⤵PID:4280
-
-
C:\Users\Admin\Downloads\Blueberry Free Swoofer.exe"C:\Users\Admin\Downloads\Blueberry Free Swoofer.exe"3⤵
- Looks for VirtualBox Guest Additions in registry
- Checks BIOS information in registry
- Checks for VirtualBox DLLs, possible anti-VM trick
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5004 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq floss*" /IM * /F /T >nul 2>&14⤵PID:5156
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq floss*" /IM * /F /T5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5216
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5168
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5208
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5356
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5500
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&14⤵PID:5364
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5512
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls4⤵PID:5620
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5628
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5656
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c color 0B4⤵PID:5644
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&14⤵PID:5684
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5704
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5696
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5736
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&14⤵PID:5764
-
C:\Windows\system32\taskkill.exetaskkill /f /im Ida64.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5788
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5776
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5816
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&14⤵PID:5852
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5876
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5864
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5896
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&14⤵PID:5932
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg64.exe5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5956
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5944
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5976
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&14⤵PID:6012
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg32.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:6036
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:6024
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Suspicious use of AdjustPrivilegeToken
PID:6056
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls4⤵PID:6084
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic baseboard get serialnumber4⤵PID:6104
-
C:\Windows\System32\Wbem\WMIC.exewmic baseboard get serialnumber5⤵
- Suspicious use of AdjustPrivilegeToken
PID:6136
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&14⤵PID:6116
-
C:\Windows\system32\sc.exesc stop HTTPDebuggerPro5⤵
- Launches sc.exe
PID:6128
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5128
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5248
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&14⤵PID:2960
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T5⤵
- Suspicious use of AdjustPrivilegeToken
PID:4364
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5476
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:1748
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic bios get serialnumber4⤵PID:220
-
C:\Windows\System32\Wbem\WMIC.exewmic bios get serialnumber5⤵PID:192
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:2008
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:4428
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&14⤵PID:1968
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T5⤵PID:1984
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic cpu get serialnumber4⤵PID:5544
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get serialnumber5⤵PID:5556
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5552
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5624
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&14⤵PID:5612
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T5⤵PID:5508
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c wmic diskdrive get serialnumber4⤵PID:5568
-
C:\Windows\System32\Wbem\WMIC.exewmic diskdrive get serialnumber5⤵PID:5512
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&14⤵PID:5676
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe5⤵
- Kills process with taskkill
PID:5664
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5632
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5708
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&14⤵PID:5760
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe5⤵PID:5752
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4308
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5836
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c vol | findstr Serial4⤵PID:5812
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" vol "5⤵PID:5804
-
-
C:\Windows\system32\findstr.exefindstr Serial5⤵PID:5788
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&14⤵PID:5784
-
C:\Windows\system32\sc.exesc stop HTTPDebuggerPro5⤵
- Launches sc.exe
PID:5904
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c getmac4⤵PID:5880
-
C:\Windows\system32\getmac.exegetmac5⤵PID:5860
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5924
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&14⤵PID:5912
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T5⤵
- Kills process with taskkill
PID:6008
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5932
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5944
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:2740
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:1880
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&14⤵PID:6092
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T5⤵
- Kills process with taskkill
PID:6064
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&14⤵PID:364
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T5⤵
- Kills process with taskkill
PID:1240
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4264
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:428
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&14⤵PID:4948
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T5⤵
- Kills process with taskkill
PID:656
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:1448
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:3140
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&14⤵PID:1340
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T5⤵PID:2944
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:3648
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:2328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&14⤵PID:5184
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T5⤵
- Kills process with taskkill
PID:5268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5232
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:3052
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&14⤵PID:4412
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T5⤵PID:5056
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4936
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5000
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&14⤵PID:5156
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T5⤵
- Kills process with taskkill
PID:1384
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4740
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:4192
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:1176
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:4716
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&14⤵PID:60
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq charles*" /IM * /F /T5⤵PID:5348
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls4⤵PID:4140
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c color 0B4⤵PID:1636
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:3000
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:2760
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&14⤵PID:1884
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T5⤵
- Kills process with taskkill
PID:2268
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&14⤵PID:3368
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq ida*" /IM * /F /T5⤵PID:5128
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:1264
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5456
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:6136
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:6104
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&14⤵PID:4520
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T5⤵PID:4560
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5480
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:4628
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&14⤵PID:4468
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T5⤵PID:356
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5492
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5408
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c color 0B4⤵PID:2920
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&14⤵PID:588
-
C:\Windows\system32\sc.exesc stop HTTPDebuggerPro5⤵
- Launches sc.exe
PID:5500
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c color 0B4⤵PID:5376
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c color 0B4⤵PID:5576
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5580
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5636
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&14⤵PID:4476
-
C:\Windows\system32\sc.exesc stop HTTPDebuggerProSdk5⤵
- Launches sc.exe
PID:5620
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5520
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5684
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&14⤵PID:5624
-
C:\Windows\system32\sc.exesc stop KProcessHacker35⤵
- Launches sc.exe
PID:5728
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&14⤵PID:5656
-
C:\Windows\system32\sc.exesc stop KProcessHacker25⤵
- Launches sc.exe
PID:5688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5704
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5712
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&14⤵PID:5512
-
C:\Windows\system32\sc.exesc stop KProcessHacker15⤵
- Launches sc.exe
PID:5568
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5744
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5756
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&14⤵PID:5752
-
C:\Windows\system32\sc.exesc stop wireshark5⤵
- Launches sc.exe
PID:5768
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&14⤵PID:5828
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe5⤵
- Kills process with taskkill
PID:5908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:908
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:2692
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&14⤵PID:4388
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe5⤵PID:3916
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:1520
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:4932
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&14⤵PID:2968
-
C:\Windows\system32\sc.exesc stop HTTPDebuggerPro5⤵
- Launches sc.exe
PID:3196
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&14⤵PID:5868
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T5⤵PID:6068
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5984
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5600
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4276
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:4908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&14⤵PID:4624
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T5⤵PID:4284
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:2876
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:4280
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&14⤵PID:3060
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T5⤵
- Kills process with taskkill
PID:4124
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&14⤵PID:1260
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T5⤵
- Kills process with taskkill
PID:2328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:3648
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:4156
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&14⤵PID:5236
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T5⤵
- Kills process with taskkill
PID:1372
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4912
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5160
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&14⤵PID:5116
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T5⤵PID:4188
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:1944
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:1960
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&14⤵PID:4436
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T5⤵
- Kills process with taskkill
PID:4236
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:692
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&14⤵PID:1164
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq die*" /IM * /F /T5⤵
- Kills process with taskkill
PID:5400
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5244
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:1032
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&14⤵PID:1804
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe5⤵
- Kills process with taskkill
PID:1036
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4576
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:2564
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&14⤵PID:3500
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebugger.exe5⤵PID:3092
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4580
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:4408
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&14⤵PID:5016
-
C:\Windows\system32\taskkill.exetaskkill /f /im FolderChangesView.exe5⤵
- Kills process with taskkill
PID:4744
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:3300
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:3284
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&14⤵PID:4320
-
C:\Windows\system32\sc.exesc stop HttpDebuggerSdk5⤵
- Launches sc.exe
PID:4328
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&14⤵PID:5324
-
C:\Windows\system32\sc.exesc stop npf5⤵
- Launches sc.exe
PID:6140
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5340
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:1872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq floss*" /IM * /F /T >nul 2>&14⤵PID:1472
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq floss*" /IM * /F /T5⤵PID:3612
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:6108
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5484
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&14⤵PID:3340
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe5⤵PID:5440
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5476
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5464
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&14⤵PID:4596
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe5⤵PID:888
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:2352
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5592
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&14⤵PID:5604
-
C:\Windows\system32\taskkill.exetaskkill /f /im Ida64.exe5⤵
- Kills process with taskkill
PID:5500
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5564
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5576
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&14⤵PID:5572
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe5⤵PID:5528
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5672
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5728
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&14⤵PID:5488
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg64.exe5⤵PID:5684
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5688
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5632
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&14⤵PID:5656
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg32.exe5⤵
- Kills process with taskkill
PID:5724
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5512
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5752
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&14⤵PID:5768
-
C:\Windows\system32\sc.exesc stop HTTPDebuggerPro5⤵
- Launches sc.exe
PID:3820
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&14⤵PID:5736
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T5⤵PID:5780
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5744
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:4992
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:1584
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:360
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&14⤵PID:2892
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T5⤵PID:2976
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:404
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:2420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&14⤵PID:5404
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T5⤵PID:2888
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&14⤵PID:6044
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe5⤵PID:6036
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5600
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&14⤵PID:4496
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe5⤵PID:364
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4908
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5860
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4164
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:1448
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&14⤵PID:4924
-
C:\Windows\system32\sc.exesc stop HTTPDebuggerPro5⤵
- Launches sc.exe
PID:4280
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:3112
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:4008
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&14⤵PID:4948
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T5⤵
- Kills process with taskkill
PID:1260
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5268
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:3648
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&14⤵PID:5220
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T5⤵PID:1372
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:3876
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:2236
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&14⤵PID:400
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T5⤵
- Kills process with taskkill
PID:3712
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:1176
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:2688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&14⤵PID:1536
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T5⤵
- Kills process with taskkill
PID:2728
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:3068
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:2936
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&14⤵PID:2736
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T5⤵PID:4744
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4328
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:3420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&14⤵PID:4320
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T5⤵
- Kills process with taskkill
PID:5324
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:1872
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:2884
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&14⤵PID:5340
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T5⤵
- Kills process with taskkill
PID:1472
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:316
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:3136
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&14⤵PID:6112
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T5⤵PID:4560
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:168
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5480
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&14⤵PID:888
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq charles*" /IM * /F /T5⤵PID:4428
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:2920
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:2352
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&14⤵PID:4944
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T5⤵
- Kills process with taskkill
PID:5356
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5620
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5616
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&14⤵PID:5044
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq ida*" /IM * /F /T5⤵
- Kills process with taskkill
PID:2036
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5504
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5732
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&14⤵PID:5548
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T5⤵PID:5676
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5628
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&14⤵PID:5756
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T5⤵PID:3212
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5772
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5752
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5020
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5836
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&14⤵PID:4892
-
C:\Windows\system32\sc.exesc stop HTTPDebuggerPro5⤵
- Launches sc.exe
PID:4380
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&14⤵PID:4984
-
C:\Windows\system32\sc.exesc stop HTTPDebuggerProSdk5⤵
- Launches sc.exe
PID:908
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&14⤵PID:2272
-
C:\Windows\system32\sc.exesc stop KProcessHacker35⤵
- Launches sc.exe
PID:2892
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4388
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:2976
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5912
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:3196
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&14⤵PID:6092
-
C:\Windows\system32\sc.exesc stop KProcessHacker25⤵
- Launches sc.exe
PID:2420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&14⤵PID:5404
-
C:\Windows\system32\sc.exesc stop KProcessHacker15⤵
- Launches sc.exe
PID:5968
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4824
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:6068
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&14⤵PID:5984
-
C:\Windows\system32\sc.exesc stop wireshark5⤵
- Launches sc.exe
PID:5872
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:6044
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5600
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&14⤵PID:4700
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe5⤵PID:3752
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:364
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:1880
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&14⤵PID:428
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe5⤵
- Kills process with taskkill
PID:4496
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:988
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:4860
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&14⤵PID:2328
-
C:\Windows\system32\sc.exesc stop HTTPDebuggerPro5⤵
- Launches sc.exe
PID:5368
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&14⤵PID:5208
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T5⤵
- Kills process with taskkill
PID:5264
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:4660
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:3112
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5172
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5060
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&14⤵PID:3220
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T5⤵
- Kills process with taskkill
PID:4156
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5048
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:5412
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&14⤵PID:3876
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T5⤵PID:1136
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5156
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:3716
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&14⤵PID:1884
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T5⤵PID:5468
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5084
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:2688
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&14⤵PID:4644
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T5⤵
- Kills process with taskkill
PID:4716
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:3000
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:3120
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&14⤵PID:4808
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T5⤵
- Kills process with taskkill
PID:4744
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5072
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵PID:3300
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&14⤵PID:368
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T5⤵PID:3420
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&14⤵PID:5444
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe5⤵
- Kills process with taskkill
PID:5452
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&14⤵PID:692
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq die*" /IM * /F /T5⤵PID:3288
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1 4⤵ PID:5272
-
C:\Windows\system32\taskkill.exe taskkill /f /im HTTPDebuggerSvc.exe 5⤵ PID:1472
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1 4⤵ PID:3136
-
C:\Windows\system32\taskkill.exe taskkill /f /im Taskmgr.exe 5⤵ PID:5340
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1 4⤵ PID:3340
-
C:\Windows\system32\taskkill.exe taskkill /f /im HTTPDebugger.exe 5⤵ PID:4560
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1 4⤵ PID:5480
-
C:\Windows\system32\taskkill.exe taskkill /f /im Taskmgr.exe 5⤵
- Kills process with taskkill
PID:6112
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1 4⤵ PID:4428
-
C:\Windows\system32\taskkill.exe taskkill /f /im FolderChangesView.exe 5⤵ PID:5536
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1 4⤵ PID:3168
-
C:\Windows\system32\taskkill.exe taskkill /f /im Taskmgr.exe 5⤵
- Kills process with taskkill
PID:1468
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1 4⤵ PID:5580
-
C:\Windows\system32\sc.exe sc stop HttpDebuggerSdk 5⤵
- Launches sc.exe
PID:5080
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1 4⤵ PID:5544
-
C:\Windows\system32\taskkill.exe taskkill /f /im Taskmgr.exe 5⤵ PID:3808
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1 4⤵ PID:5620
-
C:\Windows\system32\sc.exe sc stop npf 5⤵
- Launches sc.exe
PID:5668
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq floss*" /IM * /F /T >nul 2>&1 4⤵ PID:5364
-
C:\Windows\system32\taskkill.exe taskkill /FI "IMAGENAME eq floss*" /IM * /F /T 5⤵ PID:5124
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1 4⤵ PID:5560
-
C:\Windows\system32\taskkill.exe taskkill /f /im Taskmgr.exe 5⤵
- Kills process with taskkill
PID:5672
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1 4⤵ PID:5652
-
C:\Windows\system32\taskkill.exe taskkill /f /im Taskmgr.exe 5⤵ PID:5676
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1 4⤵ PID:5696
-
C:\Windows\system32\taskkill.exe taskkill /f /im HTTPDebuggerUI.exe 5⤵ PID:2980
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1 4⤵ PID:3224
-
C:\Windows\system32\taskkill.exe taskkill /f /im HTTPDebuggerSvc.exe 5⤵ PID:5908
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1 4⤵ PID:4524
-
C:\Windows\system32\taskkill.exe taskkill /f /im Taskmgr.exe 5⤵ PID:3212
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1 4⤵ PID:4928
-
C:\Windows\system32\taskkill.exe taskkill /f /im Taskmgr.exe 5⤵ PID:3184
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1 4⤵ PID:5940
-
C:\Windows\system32\taskkill.exe taskkill /f /im Ida64.exe 5⤵ PID:5780
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1 4⤵ PID:1584
-
C:\Windows\system32\taskkill.exe taskkill /f /im Taskmgr.exe 5⤵ PID:3528
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1 4⤵ PID:2792
-
C:\Windows\system32\taskkill.exe taskkill /f /im OllyDbg.exe 5⤵ PID:2692
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1 4⤵ PID:1520
-
C:\Windows\system32\taskkill.exe taskkill /f /im Taskmgr.exe 5⤵
- Kills process with taskkill
PID:3196
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1 4⤵ PID:208
-
C:\Windows\system32\taskkill.exe taskkill /f /im Dbg64.exe 5⤵ PID:6048
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1 4⤵ PID:6096
-
C:\Windows\system32\taskkill.exe taskkill /f /im Taskmgr.exe 5⤵ PID:6084
-
-
-
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1 4⤵ PID:404
-
C:\Windows\system32\taskkill.exe taskkill /f /im Dbg32.exe 5⤵ PID:5984
-
-
-
-
-
C:\Windows\ImmersiveControlPanel\SystemSettings.exe "C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel 1⤵ PID:6008
-
C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} 1⤵ PID:2740
-
\??\c:\windows\system32\svchost.exe c:\windows\system32\svchost.exe -k netsvcs 1⤵ PID:6116
-
C:\Windows\system32\taskmgr.exe "C:\Windows\system32\taskmgr.exe" /7 1⤵ PID:2536
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin
Filesize 2KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\0173dc66-d916-4cdb-9012-e50cb078e35c
Filesize 10KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\316ef601-fc83-4b78-ba33-6b9162b34505
Filesize 746B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp
Filesize 259B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4
Filesize 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize 184KB