Analysis
max time kernel: 810s
max time network: 806s
platform: windows11-21h2_x64
resource: win11-20240611-en
resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 29-06-2024 18:45
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
- Sample: https://gofile.io/d/cGWbix
- Resource: win10-20240611-en
Behavioral task: behavioral2
- Sample: https://gofile.io/d/cGWbix
- Resource: win11-20240611-en
General
Target: https://gofile.io/d/cGWbix
Malware Config
Extracted: xworm
- 91.92.241.69:5555
- Install_directory: %ProgramData%
- install_file: PhoneLink.exe
Signatures
Detect Xworm Payload (2 IoCs)
Processes:
resource | yara_rule
C:\Users\Admin\AppData\Local\Temp\PhoneLink.exe | family_xworm
behavioral2/memory/1036-1380-0x0000000000700000-0x000000000071A000-memory.dmp | family_xworm
Command and Scripting Interpreter: PowerShell (1 TTPs, 8 IoCs)
Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
Processes:
pid | process
1412 | powershell.exe
6012 | powershell.exe
5548 | powershell.exe
4796 | powershell.exe
4528 | powershell.exe
5288 | powershell.exe
4444 | powershell.exe
5548 | powershell.exe
Downloads MZ/PE file
Drops startup file (4 IoCs)
Processes:
description | ioc | process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhoneLink.lnk | PhoneLink.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PhoneLink.lnk | PhoneLink.exe
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exe | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exe | svchost.exe
Event Triggered Execution: Component Object Model Hijacking (1 TTPs)
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
Executes dropped EXE (21 IoCs)
Processes:
pid | process
2832 | 7z2407-x64.exe
2900 | hexer.exe
5636 | hexer.exe
4336 | winlogin.exe
984 | System32.exe
5376 | HexPloit.exe
1036 | PhoneLink.exe
2980 | hexer.exe
4592 | nexusloader.exe
5188 | svchost.exe
2736 | svchost.exe
1304 | svchost.exe
5036 | PhoneLink.exe
860, 4336, 5276, 5684, 2504, 5220, 4668, 3088 | (process name not recorded)
Loads dropped DLL (64 IoCs)
Processes:
pid | process
3312 | (process name not recorded)
5636 | hexer.exe
2980 | hexer.exe
4592 | nexusloader.exe
2736 | svchost.exe
(64 entries in total; each of the named pid/process pairs above is repeated many times in the original listing)
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
Adds Run key to start application (2 TTPs, 1 IoCs)
Processes:
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000\Software\Microsoft\Windows\CurrentVersion\Run\PhoneLink = "C:\\ProgramData\\PhoneLink.exe" | PhoneLink.exe
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Looks up external IP address via web service (5 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow | ioc
126 | ip-api.com
139 | api.ipify.org
140 | api.ipify.org
141 | ipinfo.io
142 | ipinfo.io
Drops file in Program Files directory (64 IoCs)
Processes:
description | ioc | process
All 64 entries are "File opened for modification" by 7z2407-x64.exe, under C:\Program Files\7-Zip\:
- 7zFM.exe, 7zG.exe, 7z.exe, 7z.sfx, 7-zip.chm, Uninstall.exe, License.txt, descript.ion
- Lang\: fur.txt, th.txt, vi.txt, ne.txt, fi.txt, mr.txt, ka.txt, ru.txt, el.txt, hr.txt, eo.txt, kk.txt, va.txt, be.txt, uz-cyrl.txt, pt.txt, tg.txt, kab.txt, uk.txt, ky.txt, lv.txt, ba.txt, fr.txt, gu.txt, en.ttt, id.txt, tt.txt, pt-br.txt, sk.txt, tk.txt, hy.txt, nn.txt, az.txt, fa.txt, ro.txt, mn.txt, si.txt, sq.txt, it.txt, kaa.txt, mk.txt, ps.txt, sa.txt, he.txt, mng.txt, pl.txt, uz.txt, co.txt, ext.txt, sv.txt, yo.txt, et.txt, sl.txt, sr-spl.txt, ko.txt, es.txt
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Kills process with taskkill (64 IoCs)
Processes:
pid | process
taskkill.exe (process name recorded for only some of the entries), 64 pids: 5988, 1656, 4160, 4888, 860, 4812, 3996, 2816, 468, 3868, 3472, 2728, 5812, 5520, 2464, 4268, 1560, 5768, 5836, 3056, 2788, 3464, 5508, 1556, 2284, 5156, 2164, 5628, 1916, 3020, 6016, 5288, 3940, 1032, 2272, 1192, 2964, 5620, 5388, 5624, 4812, 6024, 3712, 5904, 5256, 2376, 4228, 4056, 1632, 4844, 6020, 3048, 1932, 3912, 3636, 3256, 1984, 6132, 5780, 4968, 712, 1008, 2348, 1676
Modifies registry class (23 IoCs)
Processes:
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | 7z2407-x64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip | 7z2407-x64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip | 7z2407-x64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip | 7z2407-x64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | 7z2407-x64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} | 7z2407-x64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | 7z2407-x64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | 7z2407-x64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip | 7z2407-x64.exe
Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1276817940-128734381-631578427-1000\{5756D14D-0FBA-472B-8C37-398149D672FA} | msedge.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | 7z2407-x64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | 7z2407-x64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} | 7z2407-x64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" | 7z2407-x64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | 7z2407-x64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | 7z2407-x64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" | 7z2407-x64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | 7z2407-x64.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip | 7z2407-x64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | 7z2407-x64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" | 7z2407-x64.exe
NTFS ADS (6 IoCs)
Processes:
description | ioc | process
File opened for modification | C:\Users\Admin\Downloads\HexPloit Release (1).rar:Zone.Identifier | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\HexPloit Release (2).rar:Zone.Identifier | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\files.zip:Zone.Identifier | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\HexPloit Release.rar:Zone.Identifier | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 149947.crdownload:SmartScreen | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier | msedge.exe
Scheduled Task/Job: Scheduled Task (1 TTPs, 1 IoCs)
Schtasks is often used by malware for persistence or to perform post-infection execution.
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
Processes:
pid | process
1336 | vlc.exe
1036 | PhoneLink.exe
Suspicious behavior: EnumeratesProcesses (58 IoCs)
Processes:
pid | process
3352 | msedge.exe
3164 | msedge.exe
1852 | msedge.exe
428 | identity_helper.exe
4064 | msedge.exe
2812 | msedge.exe
244 | msedge.exe
3076 | msedge.exe
2792 | msedge.exe
388 | msedge.exe
4772 | msedge.exe
5632 | msedge.exe
2984 | msedge.exe
5288 | powershell.exe
4444 | powershell.exe
4796 | powershell.exe
4528 | powershell.exe
1412 | powershell.exe
6012 | powershell.exe
2736 | svchost.exe
5548 | powershell.exe
(58 entries in total; each pid/process pair above appears two or more times in the original listing)
Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
pid | process
1336 | vlc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (45 IoCs)
Processes:
pid | process
3164 | msedge.exe (all 45 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes:
description | pid | process
Token: SeDebugPrivilege | 5288, 4444, 4796, 4528, 1412, 6012, 5548 | powershell.exe
Token: SeDebugPrivilege | 1036 (2 entries) | PhoneLink.exe
Token: SeDebugPrivilege | 2736, 1304 | svchost.exe
Token: SeDebugPrivilege | 5052, 2364, 5272, 5168, 5028, 460, 5252, 5884, 3124, 2896, 6100, 4688, 1556, 2240, 3868, 1632, 5548, 2980, 5168, 1848, 5872, 3556, 5520, 5416, 2344, 3800, 2984, 1596, 5084, 4212, 2240, 2588, 5396, 5784, 1696, 5724, 5804, 5272, 1980, 5392, 5252, 2180, 4904, 3276, 4476, 6080, 2368, 6084, 2984, 4688, 4160, 1844, 3168 | taskkill.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
Processes:
pid | process
3164 | msedge.exe
1336 | vlc.exe
(64 entries in total, all for these two pids)
Suspicious use of SendNotifyMessage (23 IoCs)
Processes:
pid | process
3164 | msedge.exe
1336 | vlc.exe
(23 entries in total, all for these two pids)
Suspicious use of SetWindowsHookEx (6 IoCs)
Processes:
pid | process
2832 | 7z2407-x64.exe
3284 | OpenWith.exe (3 entries)
1336 | vlc.exe
4592 | nexusloader.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
description | pid | process | target process
PID 3164 wrote to memory of 1832 | 3164 | msedge.exe | msedge.exe
PID 3164 wrote to memory of 3572 | 3164 | msedge.exe | msedge.exe
PID 3164 wrote to memory of 3352 | 3164 | msedge.exe | msedge.exe
PID 3164 wrote to memory of 4544 | 3164 | msedge.exe | msedge.exe
(64 entries in total; the parent msedge.exe (pid 3164) writes repeatedly into child msedge.exe processes 1832, 3572, 3352 and 4544)
Uses Task Scheduler COM API (1 TTPs)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- msedge.exe (depth 1)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/cGWbix
  Signatures:
  - Enumerates system info in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc4c4b3cb8,0x7ffc4c4b3cc8,0x7ffc4c4b3cd8
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
- identity_helper.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
- msedge.exe (depth 2)
  Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6500 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5788 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1740 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1704 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
[depth 2] C:\Users\Admin\Downloads\7z2407-x64.exe
  "C:\Users\Admin\Downloads\7z2407-x64.exe"
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7548 /prefetch:8
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6792 /prefetch:8
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4896 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7804 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8296 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8636 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2448 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1

[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1828,9959157182140459754,1681649492758710400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8604 /prefetch:8
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
[depth 1] C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

[depth 1] C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

[depth 1] C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

[depth 1] C:\Windows\system32\OpenWith.exe
  C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx

[depth 2] C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\HexPloit Release.rar"
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx

[depth 1] C:\Windows\System32\DataExchangeHost.exe
  C:\Windows\System32\DataExchangeHost.exe -Embedding

[depth 1] C:\Users\Admin\Downloads\files\HexPloit Release\HexPloit V1.5.exe
  "C:\Users\Admin\Downloads\files\HexPloit Release\HexPloit V1.5.exe"
[depth 2] C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHcAYgB6ACMAPgBBAGQAZAAtAFQAeQBwAGUAIAAtAEEAcwBzAGUAbQBiAGwAeQBOAGEAbQBlACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsAPAAjAGIAegB2ACMAPgBbAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwAuAE0AZQBzAHMAYQBnAGUAQgBvAHgAXQA6ADoAUwBoAG8AdwAoACcAUgB1AG4AIABBAGcAYQBpAG4AIABJAGYAIABEAG8AdwBuAGwAbwBhAGQAZQByACAARABvAGUAcwBuACcAJwB0ACAAUwB0AGEAcgB0ACcALAAnACcALAAnAE8ASwAnACwAJwBJAG4AZgBvAHIAbQBhAHQAaQBvAG4AJwApADwAIwBhAG0AbAAjAD4A"
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken

[depth 2] C:\Users\Admin\AppData\Local\Temp\hexer.exe
  "C:\Users\Admin\AppData\Local\Temp\hexer.exe"
  - Executes dropped EXE

[depth 3] C:\Users\Admin\AppData\Local\Temp\onefile_2900_133641606043572903\hexer.exe
  "C:\Users\Admin\AppData\Local\Temp\hexer.exe"
  - Executes dropped EXE
  - Loads dropped DLL

[depth 4] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\tempfolders\winlogin\winlogin.exe"

[depth 5] C:\Users\Admin\AppData\Local\Temp\tempfolders\winlogin\winlogin.exe
  C:\Users\Admin\AppData\Local\Temp\tempfolders\winlogin\winlogin.exe
  - Executes dropped EXE

[depth 6] C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAGgAegB2ACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGoAcQBnACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAHkAcQBlACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHQAaAB6ACMAPgA="
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken

[depth 6] C:\Users\Admin\AppData\Local\Temp\System32.exe
  "C:\Users\Admin\AppData\Local\Temp\System32.exe"
  - Executes dropped EXE

[depth 7] C:\Users\Admin\AppData\Local\Temp\onefile_984_133641606128688919\hexer.exe
  "C:\Users\Admin\AppData\Local\Temp\System32.exe"
  - Executes dropped EXE
  - Loads dropped DLL

[depth 8] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\tempfolders\svchost\svchost.exe"

[depth 9] C:\Users\Admin\AppData\Local\Temp\tempfolders\svchost\svchost.exe
  C:\Users\Admin\AppData\Local\Temp\tempfolders\svchost\svchost.exe
  - Executes dropped EXE

[depth 10] C:\Users\Admin\AppData\Local\Temp\onefile_5188_133641606504508442\svchost.exe
  C:\Users\Admin\AppData\Local\Temp\tempfolders\svchost\svchost.exe
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
[depth 11] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"

[depth 11] C:\Users\Admin\AppData\Local\Temp\onefile_5188_133641606504508442\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\onefile_5188_133641606504508442\svchost.exe" "--multiprocessing-fork" "parent_pid=2736" "pipe_handle=876"
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM wireshark.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM tshark.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM tcpdump.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM ettercap.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM dumpcap.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM windump.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM fiddler.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM httpdebuggerui.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM wireshark.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM tshark.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM tcpdump.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM ettercap.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM dumpcap.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM windump.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM fiddler.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM httpdebuggerui.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM wireshark.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM tshark.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM tcpdump.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM ettercap.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM dumpcap.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM windump.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM fiddler.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM httpdebuggerui.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM wireshark.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM tshark.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM tcpdump.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM ettercap.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"

[depth 13] C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

[depth 13] C:\Windows\system32\taskkill.exe
  taskkill /F /IM dumpcap.exe
  - Suspicious use of AdjustPrivilegeToken

[depth 12] C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV113⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM dumpcap.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM windump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM fiddler.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM httpdebuggerui.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM wireshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tshark.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM tcpdump.exe13⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe"12⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM ettercap.exe13⤵
-
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
  - Kills process with taskkill
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
  - Kills process with taskkill
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
  - Kills process with taskkill
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM ettercap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM dumpcap.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM dumpcap.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM windump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM windump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM fiddler.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM fiddler.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM httpdebuggerui.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM httpdebuggerui.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM wireshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM wireshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tshark.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tshark.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM tcpdump.exe" (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM tcpdump.exe (depth 13)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM ettercap.exe" (depth 12)
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell.exe -WindowStyle Hidden -Command "Add-MpPreference -ExclusionPath C:\path\to\exclude" (depth 11)
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM chrome.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM msedge.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM firefox.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM opera.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM yandex.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM iexplore.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM brave.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM vivaldi.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM Telegram.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM chrome.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM msedge.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM firefox.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM opera.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM yandex.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM iexplore.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM brave.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM vivaldi.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM Telegram.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM chrome.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM msedge.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe" (depth 11)
- C:\Windows\System32\Conhost.exe | \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM firefox.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe" (depth 11)
- C:\Windows\System32\Conhost.exe | \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM opera.exe (depth 12)
  - Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM yandex.exe (depth 12)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM iexplore.exe (depth 12)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM brave.exe (depth 12)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM vivaldi.exe (depth 12)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM Telegram.exe (depth 12)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM chrome.exe (depth 12)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM msedge.exe (depth 12)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe" (depth 11)
- C:\Windows\System32\Conhost.exe | \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 (depth 12)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM firefox.exe (depth 12)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM opera.exe (depth 12)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe" (depth 11)
- C:\Windows\system32\taskkill.exe | taskkill /F /IM yandex.exe (depth 12)
- C:\Windows\system32\cmd.exe | C:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe" (depth 11)
-
C:\Windows\system32\taskkill.exetaskkill /F /IM iexplore.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM brave.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM vivaldi.exe12⤵
- Kills process with taskkill
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM Telegram.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM firefox.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV112⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM opera.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM yandex.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM iexplore.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM brave.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM vivaldi.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM Telegram.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM firefox.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM opera.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM yandex.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM iexplore.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV112⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM brave.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM vivaldi.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM Telegram.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV112⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV112⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM firefox.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM opera.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM yandex.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM iexplore.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM brave.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM vivaldi.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM Telegram.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV112⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM firefox.exe"11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV112⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM firefox.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM opera.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM opera.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM yandex.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM yandex.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM iexplore.exe"11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV112⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM iexplore.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM brave.exe"11⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV112⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM brave.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM vivaldi.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM vivaldi.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM Telegram.exe"11⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM Telegram.exe12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"11⤵
-
C:\Windows\System32\Wbem\WMIC.exeWMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName12⤵
-
C:\Users\Admin\AppData\Local\Temp\HexPloit.exe"C:\Users\Admin\AppData\Local\Temp\HexPloit.exe"6⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\onefile_5376_133641606132078958\nexusloader.exe"C:\Users\Admin\AppData\Local\Temp\HexPloit.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\PhoneLink.exe"C:\Users\Admin\AppData\Local\Temp\PhoneLink.exe"6⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\PhoneLink.exe'7⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'PhoneLink.exe'7⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\ProgramData\PhoneLink.exe'7⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'PhoneLink.exe'7⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\schtasks.exe"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "PhoneLink" /tr "C:\ProgramData\PhoneLink.exe"7⤵
- Scheduled Task/Job: Scheduled Task
-
C:\ProgramData\PhoneLink.exeC:\ProgramData\PhoneLink.exe1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Persistence
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Downloads
-
C:\Program Files\7-Zip\7-zip.dllFilesize
99KB
MD58af282b10fd825dc83d827c1d8d23b53
SHA117c08d9ad0fb1537c7e6cb125ec0acbc72f2b355
SHA2561c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca
SHA512cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD564f055a833e60505264595e7edbf62f6
SHA1dad32ce325006c1d094b7c07550aca28a8dac890
SHA2567172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99
SHA51286644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a74887034b3a720c50e557d5b1c790bf
SHA1fb245478258648a65aa189b967590eef6fb167be
SHA256f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250
SHA512888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000cFilesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000dFilesize
67KB
MD59e3f75f0eac6a6d237054f7b98301754
SHA180a6cb454163c3c11449e3988ad04d6ad6d2b432
SHA25633a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf
SHA5125cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000eFilesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000fFilesize
41KB
MD5b15016a51bd29539b8dcbb0ce3c70a1b
SHA14eab6d31dea4a783aae6cabe29babe070bd6f6f0
SHA256e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a
SHA5121c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011Filesize
84KB
MD574e33b4b54f4d1f3da06ab47c5936a13
SHA16e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA51279218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012Filesize
1.2MB
MD5620dd00003f691e6bda9ff44e1fc313f
SHA1aaf106bb2767308c1056dee17ab2e92b9374fb00
SHA256eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586
SHA5123e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002eFilesize
19KB
MD53be2e9c4c58e18766801ef703a9161cc
SHA1cbdc61e9fa2bd8c4293ea298a8aab94745e57f2d
SHA2561c3f11c5ba6d3d5e0e1e88a3de6c27a16df13833470a19c03b04fb2f99dd5d57
SHA5122f1a71f1fc17e79ddc1c0ba0be697fdc1641ee38604bd0c424b6ab702f008f9fd3c57f22ca959cea1f1de368016b258027190c279637ae8838787be366e40ec0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
288B
MD5e035d4065e9c2239cdceb3e401599e39
SHA1ae1d3ac5022e188de7592b5a051a95c2a126bbb2
SHA25622619bd318afd06f645a08f19bf63a9e72572f950c6dd19147d48fd9a9710684
SHA512c8c37acdb4911987bf8130079c8dbc2a0e19e56b33cef399d57e9f12a73a349e92c55461e15da4919503084b4c4ae944a235f4f275f892815e27428750fe392a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
2KB
MD5e091543b53e0f36b66b5588617c51cf1
SHA1f60c3a91e7d8c6ed57b34c4420eb0cbd131da2a2
SHA256ccb8cbe5b4250ef68ec86cc32d4bb8539e62821351d35a07e234291ae76ff107
SHA51228813dff0c8d9120656c2b8b22e7f5523d3e803e799398669904665e36ffb84bdbeaa1e1ece490c2c1f66b0f40a3e8f34feae10f15c756adb810ae5d42375a5f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
3KB
MD542fc1ea40a9691e3c4673d5fe4eb27aa
SHA1f6e7656a8d915f3d3b89a693e46979cc973550de
SHA25688cdd2aa64bbdf0bdcb8e0a27b88b6ce96160fe09e49aa4c62488498924d753a
SHA51231563b7bc18d246132ba690cf1209428ba4d3d1efadf894774ab886949a79a859c12ab3e221b27b0bbdc99c09e68b6a3933ba1334e9703de173da9924e7f64bf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
3KB
MD566e8e2b522b06fece2c36feaa19afb51
SHA19c37db97dd508cabc0743637702ccb29841e88a7
SHA2566c6126e3ee11c93115a7a92bc6cb20f9825807ffd0e8b0abfd8de508f386a94c
SHA51225668429574a57551b67148484fafc695403a8e82f4e00b7ffa2a861d458d0255f7305522e7a277e41fa98d13a6cef68bbfded9773caf2ef057f93bc8b84282c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD5ff5fb942d239d7553b4c752e118cb649
SHA1e1b5e69de05c12f73f852d041b08f423c209c499
SHA256c4e213aea913eb6d634998ea56871b5391950063a23d73dcfa42f968f598741b
SHA512552b2d220e11b802ecafd1945170f639f0e86b6a837baa25da16024c35f0b135f005c45924d3a17b2a63b36c4c78aad35aedb389f897fe0ebc1a46fe69625b80
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5cb91a8e71b1245b4893ace821d8a2252
SHA1c36858b52b8e43b2aecc7ea01faa3573ecce5255
SHA2565800cc5c593011e2d26dbb1025c880a7c5550da05588332c7986c07a322790e9
SHA512d3ef73f78be803f77ba0b37c555e8525a4f033a59ef63998f5402e1dd8a2a90d1d8ef4e0b8ede06cc98a86609cfd07aba03db723cf4c22643986c0415a863668
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD5b1515a2e21d2ec32cd7309034ae28ff2
SHA16619c5cf7629519cc58afa0b7aa5c5dae4de928c
SHA256f7a45a543b678986a1efc9ebe0c1d9829b6610d50718e45ee84f4332d430b7b5
SHA512e8168b9b8532e98987e8b305fb8489d8b42d159ac3c5b386fdbc5975d953103f03be849413902ca278d0474f6f28ce1858679a53ca1a8b0c94a02fe0df0eaf0c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5d5a1215f6796607f22b106454432927a
SHA1edb5d3f047fcaf83bd9a67b1dc9ddc9ffee4c9c2
SHA25637f8c60393e9eaf23f3ebd6b0888a5b78acb721f93e0705b63ef54245e33a91a
SHA512e75278733a9c9125cf9214e7ee80574d4c1ae1a05d46df60bf204b313caf12a9b8b991aab5cd8277140b23d45c92efa6224fc59f50a92f8ec795b2a86a9aeb41
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5fbdad22a75158beef8ea3a3f54548419
SHA1a2cc02c83c9ff7cfecd82585f6b30c2da4049d5f
SHA2560110df46bb587a5b608c1009edd47a1097dd0e24a794b0ce74e4498a063d9742
SHA5127b5114fbb6060daa5bd1c7c14e232d999247511002080da95a08adc10834edceed4468eedac1ab16e0e5b9f4b5229ab6d2be4e77bebd42e2f3847807d7e39b9b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD555fe2abe0b38f6c139c0d57592f25d68
SHA15d2091a785240bd35973d89d0ed9d8c5177e8fbb
SHA25650ae215d15a27eb85229fd84b5842e895a240f7618949c5235155f9009fb5bff
SHA512cc1f515be1a7360da6413b30877dda6be9c66a43558cae0ea417f8e20db4216c95215ab40d29d181b6dc6b37014ee4b5a3123ba7c65d308443349e3f96879dc2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD5697d727b810377caa6e904ff92d395b0
SHA1eeeffdab19958c66ed0bb7896c09d557b15341fe
SHA256f682bd2affc5cfe8c964061cf132d8526d2a14c1729b2a90c113bd94b2e58d3d
SHA512aa7872ffd0cb17789b69ac9913af024a26fac6b141b084e118824b39d2f633cf568f3643e9238840d068de999a044bddd8cd2bf050b04649fe5cf5dd194003a1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD503d9db80333db63f5dbc94b826914d59
SHA106b18598dae5a128c0eb0a117ce19f92990a7a39
SHA256bfb5b75c0fffc8bfc545ec0e38bf8a3c5d24cf99e18a30cc207a4bc3ab20e81c
SHA512cad2fa360f9741f612e9f0ca9cea5687937bad3b649984e914e6d78a2c7094880f5f70bdf5289a8db449f45823636920f7b20dfcb69a5e18157f724c16fa9978
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD57c44f23ae35075adb1e65fad7339a015
SHA1500de9cc0ba340770cf5299fe2fa237827e0bc90
SHA25611ddcee5ea0faf8502b837c99e9372fcabe467b2c6ec71e419bfcf57a2f417fe
SHA512529e5a7c0e1033b985239a35bebef94f4f10022721c04eed001c573c3a8dcd22a7d0de7a5c19066ac2c393db1bb1f208184dd72af721165f0a698a95893385b2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD54640218d1a1ae395109d44980e4cf614
SHA13528ccc157bd3c7ba36a28019ef57aeadcf7de0f
SHA25669d443aa11430cacdaff7c4516751ac9345cf710bb42a46a35bc4ae30701ebdc
SHA51259c409bcb6c82a3bcdc26a77be21aaa0554c8e261a5326a346ea99efb3de5bc318e8fab15bec988a523be1e602bcaee15e0b445a845a54a86f4b25d90a78c8dd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD58291b8e4638f41c69b119e65144d3da8
SHA1e33dad9b3ab9524af2206ba4679932a967052b7c
SHA256eca81eda23a0cafcf5a107420dfe7c5ca5361a03d55ae01df9e5cbd1524abfd0
SHA512915e582e2ff6edc84e2dfd9cb85d744b961866e0694a2a139cd33d0212492c5e3270dba776ae2d43835e07aa5a5cfb3eba31c233ffeddf5841cde056759bfb57
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD59924840ae89ea20bffe786f4cedaf053
SHA12b6a746f4d03cbbbb57570ea00ed618a859794b2
SHA256319d1c9390ac217fb58aabaafd8b3b909d5247b1834c2fef9a1e5665edb75db5
SHA512833a821d7eb120ddc54a4a3f5d18637483392f4a847b34136831c9c64a62fad10f96c938584f4b069163deebb7f53fb79409f92f55771ad294d77b1ef9e52278
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD59d9c6c6dcc6dd133ca9e0c87e0c4b986
SHA122a407a7af32acdc4b13fbb7d9b06308ac713cb5
SHA25619428369016f0603b4d77d542a832a57db4a0deca643a39d97a489e4759501ef
SHA5123af3510748b32c0bf02f07692c05a18fc43452287ff18dfc4a4c7ee79ceff8dcde15d43a4fb27362aa9c1516bfc2dd8ee065bad0a26c692f34e8fab734fdd68b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e530.TMPFilesize
538B
MD52a1f551a604d1557f3a785cd5c77ce08
SHA1edc05a7a529b4d0629ee9584a9b6ec2c5fec1b6f
SHA2562d8049a3d157992a799c424c3f2ad2518bed69eb272217fdeef7f5f52f8c761f
SHA512763647c5c0d7f10528cca3505c55a84692280fda856de7d8d9f9f1e6ba9cd074e2c38c89e5c473cdddf7607e32286128006d973a903b3e90340a1f0e6bd93f30
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD57b3ed57c578bf4837fc61dbaa3060e32
SHA17a5b511467b5d739e1672491e722e1110943b60f
SHA256fbc4e01303904fe4306517587e2c3cd4edaa7125dc6e4895711649ee7acaa6bd
SHA512dfdc0063b510506a3350c9a9c758b9faf4c10966354591b523bbdeca75be9ece727bbec1cef92d1aa359a75b9049d447bfe739d1e552e5426754373d0fb6db07
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5c8fc5c70108fef067674ff9c7ee105c1
SHA18f1fa20613d8b2d3c70850372f4f21c740ba07fb
SHA25613772dd94e7cf5b69aab38a0054f8363e9bc0f315112bd4e11a07c4e84963513
SHA512c5956ccac2820d6b44691baaa0f8c7c6bbc7d2032fa2b08cf5e106cf517add34f739cc686beae6896eeb3dab7d170d9bbc8475d184b9615187a477145efde5b9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5d2032737ac77d71d9b70d829a3271000
SHA19abedabb706c52eca57cd3a018d2baa7835db800
SHA25611b0efc1c084b29c43fd1bdd9a0bd61f1dab91eed19b46bdf4fba0b89ea3314c
SHA5129787b479c87d5b720e0c8283beb30d4977f93744b1f6294d33b4d738cd101f0d9db4035119230c2206598e7d006ca9086025a4300106c00c8c99f08856bf786f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD563f4fa4120a76cb75fc225850dd68816
SHA1cc8883f37cb6ef4954575c31f76e967812ad4e90
SHA2566f7715f856b44e3ad8227a2827e562d4884c6e8886e9630e8bfc6b3360a9dc06
SHA51253f2af426312f8d9ae50d68b188ca51b3f70210fae0a4de5cf77387bee29ce27f55117ca772f84ec63d777ea4632dac96436c82f01da845a58d6b85af2e44150
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD52d302aff2f5c30aa600b724ece87628e
SHA12fe33a0f7044025ccd341f39dd577112f8b41bd7
SHA256e5c782408e195efd7e433fdc2838c9c7a1d84a7436356a7e7338b405f2973320
SHA512bd65ea73d1e53d0990c80cdc1c00b68b0d17fc84a9c646f18edbb64ec146bb6500fa7c94ca5abb9991958ccc5af9e24cd3e2106c11ad89db9877af176671dee5
-
C:\Users\Admin\AppData\Local\Temp\HexPloit.exeFilesize
5.0MB
MD5fe5b0dfcc04303dd6871be672a8bf5a9
SHA17b75e6bdf568d4d2b7cfc17503c3eff4787a73fc
SHA2562e6288e94c9e3dc2e6c9f4426d4ac17f1644e32e206bacd7698c55c672f0fdde
SHA512b357fcfcf3674e85cdd9dfd89cd7bd00a73bf468cdb7c8eb36491bda058de3ac4c3142f4c60c54aaf48ca7b9deb975f90db76b085cfcc995832993f86cd72430
-
C:\Users\Admin\AppData\Local\Temp\PhoneLink.exeFilesize
82KB
MD5ebe0f8e6eb48115c2c4c5edc38d96e99
SHA1c878421557761af220289ddb4ca167700a80d750
SHA2564eb10210f5e90ffe9ca6bae041990871ae48046a364a644123f4cfe1ddfefb7b
SHA512744c4f73e5115f6d0ddce939e20ef0f2dc5468680d3a2b7985bc8efd6820806b085e05c9751625c568f2ff2ff2fb5d8d85a5479cf6ddcc4844814bd01dd1877a
-
C:\Users\Admin\AppData\Local\Temp\System32.exeFilesize
8.5MB
MD555f327910a27960e7fcc8386b31933ad
SHA1cf7d1c03b09ab7e8fd9b5438c379225699f35da9
SHA256b30a74dded65d0114a52e929c11d0a1d6ffa3d9e872a507ce5b3e6fedc4600a0
SHA512f4404c10a8aed44c2454fc337dba498f06fbf1da16c941b00671f7f11379c09fb34610ac581d9242d6272b92be0c4c298ab8f30f00a3ed06baeec200b05251ed
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5sp3552r.lzr.ps1Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\AppData\Local\Temp\hexer.exeFilesize
8.5MB
MD5219dd0008f3aead1f7d62ab0adbf28bb
SHA105fa2cec4388d41278e55d00b5f9db65d0e381d8
SHA256836fc78d60b1b6cbef077c7d7a2eae626d0b5e63cf6ee4e0d9652978b80623f2
SHA5121e1bb4ad835cd54a1b124e5fdb4066ca56f46ef51308d5abf89f7d5e2c58d39be9cc71ce9978660f3804e6cc19a2bb73f1599294b850e8ff93986bd70d85faf2
-
C:\Users\Admin\AppData\Local\Temp\onefile_5188_133641606504508442\_cffi_backend.pydFilesize
177KB
MD5ebb660902937073ec9695ce08900b13d
SHA1881537acead160e63fe6ba8f2316a2fbbb5cb311
SHA25652e5a0c3ca9b0d4fc67243bd8492f5c305ff1653e8d956a2a3d9d36af0a3e4fd
SHA51219d5000ef6e473d2f533603afe8d50891f81422c59ae03bead580412ec756723dc3379310e20cd0c39e9683ce7c5204791012e1b6b73996ea5cb59e8d371de24
-
C:\Users\Admin\AppData\Local\Temp\onefile_5188_133641606504508442\_decimal.pydFilesize
241KB
MD51cdd7239fc63b7c8a2e2bc0a08d9ea76
SHA185ef6f43ba1343b30a223c48442a8b4f5254d5b0
SHA256384993b2b8cfcbf155e63f0ee2383a9f9483de92ab73736ff84590a0c4ca2690
SHA512ba4e19e122f83d477cc4be5e0dea184dafba2f438a587dd4f0ef038abd40cb9cdc1986ee69c34bac3af9cf2347bea137feea3b82e02cca1a7720d735cea7acda
-
C:\Users\Admin\AppData\Local\Temp\onefile_5188_133641606504508442\cryptography\hazmat\bindings\_rust.pydFilesize
6.3MB
MD523b2d3aac2a873e981c0539eea21d2b3
SHA1679249f218c46025b0572714beba5a288e6d6eb9
SHA25658339e750fd6cee450aa21fbbd1657c78ef84b9d35503750696372c8aa845ec7
SHA51218c559df7dd992c55c247ef541693737a192fd5f5e94ae36116c4a23bad73623a46994ffc521bf81fa67ccedb571f1d886d7f45e50f6904bacf1c5e32ccddffe
-
C:\Users\Admin\AppData\Local\Temp\onefile_5188_133641606504508442\pyexpat.pydFilesize
187KB
MD5983d8e003e772e9c078faad820d14436
SHA11c90ad33dc4fecbdeb21f35ca748aa0094601c07
SHA256e2146bed9720eb94388532551444f434d3195310fa7bd117253e7df81a8e187e
SHA512e7f0fd841c41f313c1782331c0f0aa35e1d8ba42475d502d08c3598a3aaefd400179c19613941cdfad724eca067dd1b2f4c2f1e8a1d6f70eeb29f7b2213e6500
-
C:\Users\Admin\AppData\Local\Temp\onefile_5188_133641606504508442\python3.dllFilesize
60KB
MD5a5471f05fd616b0f8e582211ea470a15
SHA1cb5f8bf048dc4fc58f80bdfd2e04570dbef4730e
SHA2568d5e09791b8b251676e16bdd66a7118d88b10b66ad80a87d5897fadbefb91790
SHA512e87d06778201615b129dcf4e8b4059399128276eb87102b5c3a64b6e92714f6b0d5bde5df4413cc1b66d33a77d7a3912eaa1035f73565dbfd62280d09d46abff
-
C:\Users\Admin\AppData\Local\Temp\onefile_5188_133641606504508442\select.pydFilesize
25KB
MD578d421a4e6b06b5561c45b9a5c6f86b1
SHA1c70747d3f2d26a92a0fe0b353f1d1d01693929ac
SHA256f1694ce82da997faa89a9d22d469bfc94abb0f2063a69ec9b953bc085c2cb823
SHA51283e02963c9726a40cd4608b69b4cdf697e41c9eedfb2d48f3c02c91500e212e7e0ab03e6b3f70f42e16e734e572593f27b016b901c8aa75f674b6e0fbb735012
-
C:\Users\Admin\AppData\Local\Temp\onefile_5188_133641606504508442\unicodedata.pydFilesize
1.1MB
MD5a40ff441b1b612b3b9f30f28fa3c680d
SHA142a309992bdbb68004e2b6b60b450e964276a8fc
SHA2569b22d93f4db077a70a1d85ffc503980903f1a88e262068dd79c6190ec7a31b08
SHA5125f9142b16ed7ffc0e5b17d6a4257d7249a21061fe5e928d3cde75265c2b87b723b2e7bd3109c30d2c8f83913134445e8672c98c187073368c244a476ac46c3ef
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Graphics Processor.exeFilesize
32.9MB
MD5ad2250bfac6e81b563e5b37e54ec5d0b
SHA1a36811dadfecab6761e350033c1a4d365b084c79
SHA256328cf6ed6cfedfc6a9b55d51c28f40956c9e43acc339a8b07f11690f06e533be
SHA512104b84d885b6327638d613b379425fbde9988d645d7d0408b7fd780b22e8246aa3e62a90600b6048b9660e3d7071ed5f4f3c83029bbc4d5a834e52ae8034aa0c
-
C:\Users\Admin\Downloads\HexPloit Release.rar:Zone.IdentifierFilesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
C:\Users\Admin\Downloads\Unconfirmed 149947.crdownloadFilesize
1.5MB
MD5f1320bd826092e99fcec85cc96a29791
SHA1c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed
SHA256ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba
SHA512c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a
-
C:\Users\Admin\Downloads\Unconfirmed 432432.crdownloadFilesize
18.2MB
MD5cf2cf86dd0bc0e31ef39b2ebad26bc0d
SHA1dbc174423236aa0ea95961f7c66eb0eeb3f9972e
SHA2564055159927af308186ba1e2e84dceff7e52bdc10400e4e1a6f56b63c3d249005
SHA5129069dd4c7cb45753247841a0275dfd6d11a32353eb21ed0895ce126d3e495447b5654e3111eaf5c6809e4541971bef7b4380b26d81ddb64b6e7bbd9376dcf13f
-
C:\Users\Admin\Downloads\Unconfirmed 462290.crdownloadFilesize
16.3MB
MD5277e874bfcbfa5eaef175c8d3d707f24
SHA186c02c4a4b2d4e9d56caf8f21b6fd670bc37d5a3
SHA256ed13a4a39159adf0b5831569aa408f9d829cafabb4fe832bfa9929810e64b447
SHA5123bb1adbffae6cf363d03d22877163f7fc3da6ae96cd1c13c19f239864b44387c83208630f28a79e7853b09c2d2501395e48be2939e58324c4c830fac2b776de4
-
\??\pipe\LOCAL\crashpad_3164_JADIWIAQKVHYGPCM
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(All four digests are the well-known hashes of zero-length input: the sandbox read no content from this named pipe, so these values match every empty file and must not be used as indicators.)
-
memory/1036-1380-0x0000000000700000-0x000000000071A000-memory.dmp
Filesize 104KB
-
memory/1336-592-0x00007FFC38FB0000-0x00007FFC38FE4000-memory.dmp
Filesize 208KB
-
memory/1336-591-0x00007FF61AB20000-0x00007FF61AC18000-memory.dmp
Filesize 992KB
-
memory/1336-593-0x00007FFC38280000-0x00007FFC38536000-memory.dmp
Filesize 2.7MB
-
memory/1336-594-0x00007FFC36E80000-0x00007FFC37F30000-memory.dmp
Filesize 16.7MB
-
memory/1412-2371-0x0000013B24610000-0x0000013B2475F000-memory.dmp
Filesize 1.3MB
-
memory/4444-2334-0x0000000007910000-0x0000000007921000-memory.dmp
Filesize 68KB
-
memory/4444-2331-0x0000000007390000-0x0000000007434000-memory.dmp
Filesize 656KB
-
memory/4444-1742-0x0000000005E60000-0x00000000061B7000-memory.dmp
Filesize 3.3MB
-
memory/4444-2319-0x00000000068C0000-0x000000000690C000-memory.dmp
Filesize 304KB
-
memory/4444-2320-0x0000000007350000-0x0000000007384000-memory.dmp
Filesize 208KB
-
memory/4444-2321-0x0000000073A70000-0x0000000073ABC000-memory.dmp
Filesize 304KB
-
memory/4444-2330-0x0000000006970000-0x000000000698E000-memory.dmp
Filesize 120KB
-
memory/4444-2338-0x0000000007990000-0x0000000007998000-memory.dmp
Filesize 32KB
-
memory/4444-2332-0x0000000007780000-0x000000000778A000-memory.dmp
Filesize 40KB
-
memory/4444-2333-0x00000000079B0000-0x0000000007A46000-memory.dmp
Filesize 600KB
-
memory/4444-2337-0x0000000007A50000-0x0000000007A6A000-memory.dmp
Filesize 104KB
-
memory/4444-2335-0x0000000007940000-0x000000000794E000-memory.dmp
Filesize 56KB
-
memory/4444-2336-0x0000000007950000-0x0000000007965000-memory.dmp
Filesize 84KB
-
memory/4528-2361-0x000002A49FEF0000-0x000002A4A003F000-memory.dmp
Filesize 1.3MB
-
memory/4796-2345-0x0000020920A00000-0x0000020920A22000-memory.dmp
Filesize 136KB
-
memory/4796-2351-0x0000020920A70000-0x0000020920BBF000-memory.dmp
Filesize 1.3MB
-
memory/5288-1286-0x0000000005B30000-0x000000000615A000-memory.dmp
Filesize 6.2MB
-
memory/5288-1307-0x00000000061D0000-0x0000000006527000-memory.dmp
Filesize 3.3MB
-
memory/5288-1296-0x0000000005AC0000-0x0000000005B26000-memory.dmp
Filesize 408KB
-
memory/5288-1309-0x00000000066D0000-0x000000000671C000-memory.dmp
Filesize 304KB
-
memory/5288-1295-0x0000000005920000-0x0000000005942000-memory.dmp
Filesize 136KB
-
memory/5288-1297-0x0000000006160000-0x00000000061C6000-memory.dmp
Filesize 408KB
-
memory/5288-1269-0x0000000002EC0000-0x0000000002EF6000-memory.dmp
Filesize 216KB
-
memory/5288-1308-0x00000000066A0000-0x00000000066BE000-memory.dmp
Filesize 120KB
-
memory/5288-1313-0x0000000007AB0000-0x0000000007B42000-memory.dmp
Filesize 584KB
-
memory/5288-1312-0x0000000008930000-0x0000000008ED6000-memory.dmp
Filesize 5.6MB
-
memory/5288-1311-0x0000000006BB0000-0x0000000006BCA000-memory.dmp
Filesize 104KB
-
memory/5288-1310-0x0000000007D00000-0x000000000837A000-memory.dmp
Filesize 6.5MB
-
memory/5548-3396-0x00000254B4590000-0x00000254B46DF000-memory.dmp
Filesize 1.3MB
-
memory/6012-2381-0x000001289C800000-0x000001289C94F000-memory.dmp
Filesize 1.3MB
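The listing above is raw sandbox output in which each label ("Filesize", "MD5", ...) is fused onto the value that follows it, which makes it easy to copy a mangled filename or digest into a blocklist. The script below is an added example, not part of the report or of any sandbox vendor's tooling: it parses a constructed sample in that layout, recomputes every memory dump's size from the address range encoded in its name and compares it with the stated size (the B/KB/MB one-decimal rounding rule is inferred from the listing and is an assumption), flags artifacts whose digests are the hashes of zero-length input, and flags Startup-folder writes and Zone.Identifier streams so they are triaged as persistence and mark-of-the-web metadata rather than as payloads. The final pid-9999 entry is invented with a wrong size so the range check has something to catch; every other path, size and digest in the sample is taken from the listing.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the report's flattened layout: label fused to value,
# "-" between entries. All values are from the listing except the pid-9999
# entry, which is invented with a wrong size to exercise the range check.
SAMPLE = """\
C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Intel Graphics Processor.exeFilesize
32.9MB
MD5ad2250bfac6e81b563e5b37e54ec5d0b
SHA256328cf6ed6cfedfc6a9b55d51c28f40956c9e43acc339a8b07f11690f06e533be
-
C:\\Users\\Admin\\Downloads\\HexPloit Release.rar:Zone.IdentifierFilesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
-
\\??\\pipe\\LOCAL\\crashpad_3164_JADIWIAQKVHYGPCMMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
-
memory/1036-1380-0x0000000000700000-0x000000000071A000-memory.dmpFilesize
104KB
-
memory/9999-1-0x0000000000400000-0x0000000000410000-memory.dmpFilesize
128KB
"""

# Digests of zero-length input; an artifact carrying them has no content.
EMPTY_HASHES = {
    "MD5": "d41d8cd98f00b204e9800998ecf8427e",
    "SHA1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "SHA256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)([0-9a-fA-F]{32,128})$")


@dataclass
class Artifact:
    name: str
    reported_size: Optional[str] = None
    hashes: Dict[str, str] = field(default_factory=dict)
    findings: List[str] = field(default_factory=list)


def parse_listing(text: str) -> List[Artifact]:
    """Split the flattened listing into artifacts, unfusing label from value."""
    artifacts = []
    for block in text.split("\n-\n"):
        lines = [ln for ln in block.strip().splitlines() if ln]
        if not lines:
            continue
        head, rest = lines[0], lines[1:]
        if head.endswith("Filesize"):
            art = Artifact(head[: -len("Filesize")])
            art.reported_size, rest = rest[0], rest[1:]
        elif head.endswith("MD5"):  # named pipes carry no size, so MD5 fuses onto the path
            art = Artifact(head[:-3])
            art.hashes["MD5"], rest = rest[0].lower(), rest[1:]
        else:
            art = Artifact(head)
        for line in rest:
            m = HASH_RE.match(line)
            if m:
                art.hashes[m.group(1)] = m.group(2).lower()
        artifacts.append(art)
    return artifacts


def human_size(n: int) -> str:
    """Render bytes as the listing does (26B, 104KB, 2.7MB); rounding rule is assumed."""
    if n < 1024:
        return f"{n}B"
    if n < 1024 ** 2:
        return f"{round(n / 1024, 1):g}KB"
    return f"{round(n / 1024 ** 2, 1):g}MB"


def region_size(name: str) -> Optional[int]:
    # Bytes spanned by a memory/<pid>-<n>-<start>-<end>-memory.dmp name, else None.
    m = MEM_RE.match(name)
    return int(m.group(4), 16) - int(m.group(3), 16) if m else None


def check(art: Artifact) -> Artifact:
    size = region_size(art.name)
    if size is not None and human_size(size) != art.reported_size:
        art.findings.append(f"size mismatch: range is {human_size(size)}, report says {art.reported_size}")
    if any(art.hashes.get(alg) == digest for alg, digest in EMPTY_HASHES.items()):
        art.findings.append("digests are those of empty input; useless as an IOC")
    if "\\Start Menu\\Programs\\Startup\\" in art.name:
        art.findings.append("written to the per-user Startup folder: persistence")
    if art.name.endswith(":Zone.Identifier"):
        art.findings.append("Zone.Identifier ADS (mark-of-the-web), not payload content")
    return art


def audit(text: str) -> List[Artifact]:
    return [check(a) for a in parse_listing(text)]


if __name__ == "__main__":
    for a in audit(SAMPLE):
        print(a.name, a.reported_size or "", a.findings)
```

Run it as-is against the constructed sample, or paste a full dropped-files section in place of SAMPLE; the memory-dump check only fires when the address range and the stated size disagree, and a listing whose sizes all reconcile is the expected result for an untampered report.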