Malware Analysis Report

2024-12-07 15:34

Sample ID 241113-xjtfvaxfmp
Target spoofer__tpm.rar
SHA256 c44a0dba022b82e964339064fa76fe86cb550373e126633c2fb08bbdceb7e450
Tags
evasion execution discovery
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

c44a0dba022b82e964339064fa76fe86cb550373e126633c2fb08bbdceb7e450

Threat Level: Likely malicious

The file spoofer__tpm.rar was found to be: Likely malicious.

Malicious Activity Summary

evasion execution discovery

Blocklisted process makes network request

Stops running service(s)

Launches sc.exe

System Location Discovery: System Language Discovery

Unsigned PE

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Runs net.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 18:53

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-13 18:53

Reported

2024-11-13 18:56

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

156s

Command Line

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\SpooferX\Serialchecker.bat"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 624 wrote to memory of 5112 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cscript.exe
PID 624 wrote to memory of 5112 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cscript.exe
PID 624 wrote to memory of 4268 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 624 wrote to memory of 4268 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 624 wrote to memory of 1664 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 624 wrote to memory of 1664 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 624 wrote to memory of 1016 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 624 wrote to memory of 1016 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 624 wrote to memory of 2248 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 624 wrote to memory of 2248 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 624 wrote to memory of 4584 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 624 wrote to memory of 4584 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 624 wrote to memory of 5072 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 624 wrote to memory of 5072 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 624 wrote to memory of 3392 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\getmac.exe
PID 624 wrote to memory of 3392 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\getmac.exe

Processes

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\SpooferX\Serialchecker.bat"

C:\Windows\system32\cscript.exe

cscript //nologo "C:\temp\popup.vbs"

C:\Windows\System32\Wbem\WMIC.exe

wmic baseboard get serialnumber

C:\Windows\System32\Wbem\WMIC.exe

wmic systemenclosure get serialnumber

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_computersystemproduct get uuid

C:\Windows\System32\Wbem\WMIC.exe

wmic bios get serialnumber

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get serialnumber

C:\Windows\system32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductID

C:\Windows\system32\getmac.exe

getmac

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 88.16.208.104.in-addr.arpa udp

Files

C:\temp\popup.vbs

MD5 5e7ba0fcfadcbe82f772b97450f0a0a3
SHA1 8acc8f1c23d32c59f7a0cf0f404b373e09231593
SHA256 d6c62b4b8789e97930036a8a9740f01c918ef2d33e4f6ac470834cbab0a5b644
SHA512 3657eaf2c741b3e26700aae14254bc184716e84a2bedb6e52b79c238c96f5b3f6e4e09dd7bb6be97b22199a1166355cddc1074fb8fa373c032741b7f829865d5

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-13 18:53

Reported

2024-11-13 18:56

Platform

win10v2004-20241007-en

Max time kernel

53s

Max time network

132s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

Signatures

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Stops running service(s)

evasion execution

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1360 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1912 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Windows\system32\cmd.exe
PID 1360 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Windows\system32\cmd.exe
PID 1360 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 4716 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 2320 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 436 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3920 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1408 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3520 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3860 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3896 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 4480 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 4408 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 5068 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1392 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 860 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1044 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 4368 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 4368 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1696 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3748 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 5096 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 3228 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 2704 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 1360 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe" MD5 | find /i /v "md5" | find /i /v "certutil"

C:\Windows\system32\certutil.exe

certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe" MD5

C:\Windows\system32\find.exe

find /i /v "md5"

C:\Windows\system32\find.exe

find /i /v "certutil"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\System32\Conhost.exe

\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 keyauth.win udp
US 104.26.1.5:443 keyauth.win tcp
US 8.8.8.8:53 5.1.26.104.in-addr.arpa udp
US 8.8.8.8:53 168.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
N/A 127.0.0.1:63443 tcp
N/A 127.0.0.1:63445 tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

memory/1360-0-0x00007FF6C0BA7000-0x00007FF6C1369000-memory.dmp

memory/1360-1-0x00007FFE949D0000-0x00007FFE949D2000-memory.dmp

memory/1360-2-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-7-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-6-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-27-0x00007FF6C0BA7000-0x00007FF6C1369000-memory.dmp

memory/1360-32-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-31-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-39-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-62-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-99-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-135-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-171-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-208-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-242-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-279-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-316-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-353-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-386-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-422-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-459-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

memory/1360-495-0x00007FF6C0AC0000-0x00007FF6C20DC000-memory.dmp

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-13 18:53

Reported

2024-11-13 18:56

Platform

win7-20241010-en

Max time kernel

122s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ed\RESET_TPM.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ed\RESET_TPM.exe N/A

Runs net.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ed\RESET_TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\RESET_TPM.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\399.tmp\39A.tmp\3AB.bat C:\Users\Admin\AppData\Local\Temp\ed\RESET_TPM.exe"

C:\Windows\system32\net.exe

net session

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

Network

N/A

Files

C:\Users\Admin\AppData\Local\Temp\399.tmp\39A.tmp\3AB.bat

MD5 6e4d807ab27cf5c6d971f01e78aecfe1
SHA1 7f89c6b08d7726fe514a55136ab2990e5351f4d9
SHA256 0149a622580177249896100b835e6d2037479b9181ab94866ee69d52f4b6afda
SHA512 c70b8f94e7edfa866195857dc1d573f844c444a74c5787134f0b97ae9426a8837f002f0d0b42b13e07eaf35d9772721a678542ba5b4c28ffada9273a407b6f3f

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-13 18:53

Reported

2024-11-13 18:56

Platform

win10v2004-20241007-en

Max time kernel

96s

Max time network

99s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ed\RESET_TPM.exe"

Signatures

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ed\RESET_TPM.exe N/A

Runs net.exe

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 536 wrote to memory of 704 N/A C:\Users\Admin\AppData\Local\Temp\ed\RESET_TPM.exe C:\Windows\system32\cmd.exe
PID 536 wrote to memory of 704 N/A C:\Users\Admin\AppData\Local\Temp\ed\RESET_TPM.exe C:\Windows\system32\cmd.exe
PID 704 wrote to memory of 4068 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 704 wrote to memory of 4068 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\net.exe
PID 4068 wrote to memory of 4884 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe
PID 4068 wrote to memory of 4884 N/A C:\Windows\system32\net.exe C:\Windows\system32\net1.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ed\RESET_TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\RESET_TPM.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\832A.tmp\832B.tmp\832C.bat C:\Users\Admin\AppData\Local\Temp\ed\RESET_TPM.exe"

C:\Windows\system32\net.exe

net session

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

Network

Country Destination Domain Proto
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\832A.tmp\832B.tmp\832C.bat

MD5 6e4d807ab27cf5c6d971f01e78aecfe1
SHA1 7f89c6b08d7726fe514a55136ab2990e5351f4d9
SHA256 0149a622580177249896100b835e6d2037479b9181ab94866ee69d52f4b6afda
SHA512 c70b8f94e7edfa866195857dc1d573f844c444a74c5787134f0b97ae9426a8837f002f0d0b42b13e07eaf35d9772721a678542ba5b4c28ffada9273a407b6f3f

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 18:53

Reported

2024-11-13 18:56

Platform

win7-20240903-en

Max time kernel

121s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SpooferX\Saqxz Permanent.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SpooferX\Saqxz Permanent.exe

"C:\Users\Admin\AppData\Local\Temp\SpooferX\Saqxz Permanent.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 18:53

Reported

2024-11-13 18:56

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SpooferX\Saqxz Permanent.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SpooferX\Saqxz Permanent.exe

"C:\Users\Admin\AppData\Local\Temp\SpooferX\Saqxz Permanent.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-13 18:53

Reported

2024-11-13 18:56

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\SpooferX\Serialchecker.bat"

Signatures

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2616 wrote to memory of 2632 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cscript.exe
PID 2616 wrote to memory of 2632 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cscript.exe
PID 2616 wrote to memory of 2632 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\cscript.exe
PID 2616 wrote to memory of 2788 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2788 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2788 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2640 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2640 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2640 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2840 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2840 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2840 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2692 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2692 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2692 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2516 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2516 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2516 N/A C:\Windows\system32\cmd.exe C:\Windows\System32\Wbem\WMIC.exe
PID 2616 wrote to memory of 2596 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2616 wrote to memory of 2596 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2616 wrote to memory of 2596 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\reg.exe
PID 2616 wrote to memory of 1296 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\getmac.exe
PID 2616 wrote to memory of 1296 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\getmac.exe
PID 2616 wrote to memory of 1296 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\getmac.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\SpooferX\Serialchecker.bat"

C:\Windows\system32\cscript.exe

cscript //nologo "C:\temp\popup.vbs"

C:\Windows\System32\Wbem\WMIC.exe

wmic baseboard get serialnumber

C:\Windows\System32\Wbem\WMIC.exe

wmic systemenclosure get serialnumber

C:\Windows\System32\Wbem\WMIC.exe

wmic path win32_computersystemproduct get uuid

C:\Windows\System32\Wbem\WMIC.exe

wmic bios get serialnumber

C:\Windows\System32\Wbem\WMIC.exe

wmic cpu get serialnumber

C:\Windows\system32\reg.exe

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductID

C:\Windows\system32\getmac.exe

getmac

Network

N/A

Files

C:\temp\popup.vbs

MD5 5e7ba0fcfadcbe82f772b97450f0a0a3
SHA1 8acc8f1c23d32c59f7a0cf0f404b373e09231593
SHA256 d6c62b4b8789e97930036a8a9740f01c918ef2d33e4f6ac470834cbab0a5b644
SHA512 3657eaf2c741b3e26700aae14254bc184716e84a2bedb6e52b79c238c96f5b3f6e4e09dd7bb6be97b22199a1166355cddc1074fb8fa373c032741b7f829865d5

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-13 18:53

Reported

2024-11-13 18:56

Platform

win7-20240903-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

Signatures

Stops running service(s)

evasion execution

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A
N/A N/A C:\Windows\system32\sc.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A N/A N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2196 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2812 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2848 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Windows\system32\cmd.exe
PID 2196 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Windows\system32\cmd.exe
PID 2196 wrote to memory of 2788 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Windows\system32\cmd.exe
PID 2788 wrote to memory of 2960 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2788 wrote to memory of 2960 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2788 wrote to memory of 2960 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2196 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2652 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2536 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2824 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2800 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2584 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Windows\system32\cmd.exe
PID 2196 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Windows\system32\cmd.exe
PID 2196 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Windows\system32\cmd.exe
PID 2196 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2528 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2524 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2544 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2592 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2860 wrote to memory of 1652 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2860 wrote to memory of 1652 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2860 wrote to memory of 1652 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 2196 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 3040 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 3036 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe
PID 2196 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

Processes

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe

"C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe" MD5 | find /i /v "md5" | find /i /v "certutil"

C:\Windows\system32\certutil.exe

certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\ed\Bypass TPM.exe" MD5

C:\Windows\system32\find.exe

find /i /v "md5"

C:\Windows\system32\find.exe

find /i /v "certutil"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq charles*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq ida*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker3

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1

C:\Windows\system32\sc.exe

sc stop KProcessHacker1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1

C:\Windows\system32\sc.exe

sc stop wireshark

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1

C:\Windows\system32\sc.exe

sc stop npf

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerUI.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /f /im HTTPDebuggerSvc.exe

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1

C:\Windows\system32\sc.exe

sc stop HTTPDebuggerPro

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1

C:\Windows\system32\taskkill.exe

taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T

Network

Country Destination Domain Proto
US 8.8.8.8:53 keyauth.win udp
US 104.26.0.5:443 keyauth.win tcp
N/A 127.0.0.1:49204 tcp
N/A 127.0.0.1:49206 tcp
US 8.8.8.8:53 crl.microsoft.com udp
GB 2.19.252.143:80 crl.microsoft.com tcp

Files

memory/2196-4-0x0000000077650000-0x0000000077652000-memory.dmp

memory/2196-2-0x0000000077650000-0x0000000077652000-memory.dmp

memory/2196-0-0x0000000077650000-0x0000000077652000-memory.dmp

memory/2196-10-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-5-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-9-0x000000013FC77000-0x0000000140439000-memory.dmp

memory/2196-33-0x000000013FC77000-0x0000000140439000-memory.dmp

memory/2196-38-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-40-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-39-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-46-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-73-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-111-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-153-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-190-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-233-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-275-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-312-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-354-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-396-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-437-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-475-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-517-0x000000013FB90000-0x00000001411AC000-memory.dmp

memory/2196-558-0x000000013FB90000-0x00000001411AC000-memory.dmp