Analysis Overview
SHA256
b65f83bc7d778dc7b4498f1dae68b77855be8a6be9aa4a5e483209396f20a8ca
Threat Level: Known bad
The file Perm Loader.exe was found to be: Known bad.
Malicious Activity Summary
Cerber
Cerber family
Executes dropped EXE
Drops file in System32 directory
Unsigned PE
Suspicious behavior: LoadsDriver
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Kills process with taskkill
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-23 12:08
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-23 12:08
Reported
2024-11-23 12:09
Platform
win10ltsc2021-20241023-en
Max time kernel
21s
Max time network
22s
Command Line
Signatures
Cerber
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
| Mutant created | AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8} | C:\Windows\System32\AMIDEWINx64.EXE | N/A |
Cerber family
Executes dropped EXE
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\AMIDEWINx64.EXE | C:\Users\Admin\AppData\Local\Temp\Perm Loader.exe | N/A |
| File created | C:\Windows\System32\amifldrv64.sys | C:\Users\Admin\AppData\Local\Temp\Perm Loader.exe | N/A |
Kills process with taskkill
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "245" | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Perm Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Perm Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Perm Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Perm Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Perm Loader.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Perm Loader.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskkill.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Perm Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Perm Loader.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im KsDumperClient.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im KsDumper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im ProcessHacker.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im ProcessHacker.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im idaq.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im idaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im idaq64.exe >nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\taskkill.exe
taskkill /f /im idaq64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Wireshark.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Fiddler.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FiddlerEverywhere.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FiddlerEverywhere.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Xenos64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Xenos64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Xenos.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Xenos.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Xenos32.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Xenos32.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im de4dot.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im de4dot.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Cheat Engine.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Cheat Engine.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im cheatengine-x86_64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-i386.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im MugenJinFuu-i386.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im cheatengine-x86_64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-i386.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im cheatengine-i386.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTP Debugger Windows Service (32 bit).exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTP Debugger Windows Service (32 bit).exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im KsDumper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im x64dbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im x64dbg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im x32dbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im x32dbg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Dbg64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Dbg32.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /IVN "AMI"
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /IVN "AMI"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SP "System product name"
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /SP "System product name"
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SP "System product name"
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /SP "System product name"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SV "System version"
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /SV "System version"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SS Z1GSK2E3QL
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /SS Z1GSK2E3QL
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im KsDumperClient.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SU AUTO
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /SU AUTO
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SK "To Be Filled By O.E.M"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&1
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /SK "To Be Filled By O.E.M"
C:\Windows\system32\taskkill.exe
taskkill /f /im KsDumper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /SK "To Be Filled By O.E.M"
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /SK "To Be Filled By O.E.M"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /BM "ASRock"
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /BM "ASRock"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /BP "B560M-C"
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /BP "B560M-C"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /BV " "
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /BV " "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im ProcessHacker.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im ProcessHacker.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /BS 9IWEVAKDGHWESS
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /BS 9IWEVAKDGHWESS
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /BT "Default string"
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /BT "Default string"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im idaq.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im idaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /BLC "Default string"
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /BLC "Default string"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im idaq64.exe >nul 2>&1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /CM "Default string"
C:\Windows\system32\taskkill.exe
taskkill /f /im idaq64.exe
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /CM "Default string"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Wireshark.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /CV "Default string"
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /CV "Default string"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Fiddler.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /CS C3WTED02WP
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /CS C3WTED02WP
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FiddlerEverywhere.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FiddlerEverywhere.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /CA "Default string"
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /CA "Default string"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Xenos64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Xenos64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /CSK "SKU"
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /CSK "SKU"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Xenos.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Xenos.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /PSN "To Be Filled By O.E.M."
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /PSN "To Be Filled By O.E.M."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Xenos32.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Xenos32.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /PAT "To Be Filled By O.E.M."
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /PAT "To Be Filled By O.E.M."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\AMIDEWINx64.EXE /PPN "To Be Filled By O.E.M."
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im de4dot.exe >nul 2>&1
C:\Windows\System32\AMIDEWINx64.EXE
C:\Windows\System32\AMIDEWINx64.EXE /PPN "To Be Filled By O.E.M."
C:\Windows\system32\taskkill.exe
taskkill /f /im de4dot.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Cheat Engine.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Cheat Engine.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im cheatengine-x86_64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im cheatengine-x86_64-SSE4-AVX2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im MugenJinFuu-x86_64-SSE4-AVX2.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im MugenJinFuu-i386.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im MugenJinFuu-i386.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-x86_64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im cheatengine-x86_64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im cheatengine-i386.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im cheatengine-i386.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTP Debugger Windows Service (32 bit).exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTP Debugger Windows Service (32 bit).exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im KsDumper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im x64dbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im x64dbg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im x32dbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im x32dbg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Ida64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im OllyDbg.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Dbg64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Dbg32.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Taskmgr.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Taskmgr.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im KsDumperClient.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im KsDumperClient.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im KsDumper.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im KsDumper.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerUI.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im HTTPDebuggerSvc.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im ProcessHacker.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im ProcessHacker.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im idaq.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im idaq.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im idaq64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im idaq64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Wireshark.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Wireshark.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Fiddler.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Fiddler.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im FiddlerEverywhere.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im FiddlerEverywhere.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Xenos64.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Xenos64.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Xenos.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Xenos.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im Xenos32.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im Xenos32.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c shutdown /r /t 0
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c taskkill /f /im de4dot.exe >nul 2>&1
C:\Windows\system32\taskkill.exe
taskkill /f /im de4dot.exe
C:\Windows\system32\shutdown.exe
shutdown /r /t 0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39f3055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp |
Files
C:\Windows\System32\AMIDEWINx64.EXE
| MD5 | 9adfcdac59db3286690c7eede8da2528 |
| SHA1 | 0b54d251438a634bd13b49a1f20587cf03d4598d |
| SHA256 | 13037eedd91f9313ec0d807947db65c639642e5ae6497e87d12fa6d19951f78e |
| SHA512 | fde1700cdb4212593ec2733944a169c7d02f436ca6831719a33482fbfd0be289697c9aa6ce7ddfb6c245e87952b35416929bbf69753d21a24197ac6c2d1243cc |
C:\Windows\System32\amifldrv64.sys
| MD5 | f22740ba54a400fd2be7690bb204aa08 |
| SHA1 | 5812387783d61c6ab5702213bb968590a18065e3 |
| SHA256 | 65c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9 |
| SHA512 | ac1f89736cf348f634b526569b5783118a1a35324f9ce2f2804001e5a04751f8cc21d09bfa1c4803cd14a64152beba868f5ecf119f10fa3ccbe680d2fb481500 |