Technical Information
- '<SYSTEM32>\taskkill.exe' /f /im HTTPDebuggerUI.exe
- '<SYSTEM32>\taskkill.exe' /f /im HTTPDebuggerSvc.exe
- '<SYSTEM32>\taskkill.exe' /FI "IMAGENAME eq cheatengine*" /IM * /F /T
- '<SYSTEM32>\taskkill.exe' /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
- '<SYSTEM32>\taskkill.exe' /FI "IMAGENAME eq processhacker*" /IM * /F /T
- '<SYSTEM32>\taskkill.exe' /FI "IMAGENAME eq fiddler*" /IM * /F /T
- '<SYSTEM32>\taskkill.exe' /FI "IMAGENAME eq wireshark*" /IM * /F /T
- '<SYSTEM32>\taskkill.exe' /FI "IMAGENAME eq rawshark*" /IM * /F /T
- '<SYSTEM32>\taskkill.exe' /FI "IMAGENAME eq charles*" /IM * /F /T
- '<SYSTEM32>\taskkill.exe' /FI "IMAGENAME eq ida*" /IM * /F /T
- ClassName: '', WindowName: 'The Wireshark Network Analyzer'
- nul
- %WINDIR%\temp\tar9f94.tmp
- %WINDIR%\temp\cab9f93.tmp
- %WINDIR%\temp\tar884b.tmp
- %WINDIR%\temp\cab884a.tmp
- %WINDIR%\temp\tar87cc.tmp
- %WINDIR%\temp\cab87cb.tmp
- %WINDIR%\temp\tar7054.tmp
- %WINDIR%\temp\cab7053.tmp
- %WINDIR%\temp\tar6f59.tmp
- %WINDIR%\temp\cab6f58.tmp
- %WINDIR%\temp\tar581f.tmp
- %WINDIR%\temp\cab581e.tmp
- %WINDIR%\temp\tar5771.tmp
- %WINDIR%\temp\cabe710.tmp
- %WINDIR%\temp\cab5770.tmp
- %WINDIR%\temp\cab4008.tmp
- %WINDIR%\temp\tar3fd8.tmp
- %WINDIR%\temp\cab3fd7.tmp
- %WINDIR%\temp\tar3f69.tmp
- %WINDIR%\temp\cab3f68.tmp
- %WINDIR%\temp\tar3efa.tmp
- %WINDIR%\temp\cab3ef9.tmp
- %WINDIR%\temp\tar27d0.tmp
- %WINDIR%\temp\cab27cf.tmp
- %WINDIR%\temp\tar2741.tmp
- %WINDIR%\temp\cab2731.tmp
- %WINDIR%\temp\tarf7b.tmp
- %WINDIR%\temp\cabf7a.tmp
- %WINDIR%\temp\tar4009.tmp
- %WINDIR%\temp\tare711.tmp
- %WINDIR%\temp\cabf7a.tmp
- %WINDIR%\temp\tar9f94.tmp
- %WINDIR%\temp\cab9f93.tmp
- %WINDIR%\temp\tar884b.tmp
- %WINDIR%\temp\cab884a.tmp
- %WINDIR%\temp\tar87cc.tmp
- %WINDIR%\temp\cab87cb.tmp
- %WINDIR%\temp\tar7054.tmp
- %WINDIR%\temp\cab7053.tmp
- %WINDIR%\temp\tar6f59.tmp
- %WINDIR%\temp\cab6f58.tmp
- %WINDIR%\temp\tar581f.tmp
- %WINDIR%\temp\cab581e.tmp
- %WINDIR%\temp\tar5771.tmp
- %WINDIR%\temp\cab5770.tmp
- %WINDIR%\temp\tar4009.tmp
- %WINDIR%\temp\cab4008.tmp
- %WINDIR%\temp\tar3fd8.tmp
- %WINDIR%\temp\cab3fd7.tmp
- %WINDIR%\temp\tar3f69.tmp
- %WINDIR%\temp\cab3f68.tmp
- %WINDIR%\temp\tar3efa.tmp
- %WINDIR%\temp\cab3ef9.tmp
- %WINDIR%\temp\tar27d0.tmp
- %WINDIR%\temp\cab27cf.tmp
- %WINDIR%\temp\tar2741.tmp
- %WINDIR%\temp\cab2731.tmp
- %WINDIR%\temp\tarf7b.tmp
- %WINDIR%\temp\cabe710.tmp
- %WINDIR%\temp\tare711.tmp
- 'localhost':49185
- 'localhost':49187
- 'ke##uth.win':443
- 'x1.#.lencr.org':80
- 'x2.#.lencr.org':80
- http://x1.#.lencr.org/
- http://x2.#.lencr.org/
- 'localhost':49185
- 'localhost':49187
- 'localhost':49188
- 'ke##uth.win':443
- DNS ASK ke##uth.win
- DNS ASK x1.#.lencr.org
- DNS ASK x2.#.lencr.org
- ClassName: '' WindowName: 'Progress Telerik Fiddler Web Debugger'
- ClassName: '' WindowName: 'x64dbg'
- ClassName: '' WindowName: 'KsDumper'
- ClassName: '' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c certutil -hashfile "<Full path to file>" MD5 | find /i /v "md5" | find /i /v "certutil"
- '<SYSTEM32>\sc.exe' stop wireshark
- '<SYSTEM32>\cmd.exe' /c sc stop wireshark >nul 2>&1
- '<SYSTEM32>\sc.exe' stop KProcessHacker1
- '<SYSTEM32>\cmd.exe' /c sc stop KProcessHacker1 >nul 2>&1
- '<SYSTEM32>\sc.exe' stop KProcessHacker2
- '<SYSTEM32>\cmd.exe' /c sc stop KProcessHacker2 >nul 2>&1
- '<SYSTEM32>\sc.exe' stop KProcessHacker3
- '<SYSTEM32>\cmd.exe' /c sc stop KProcessHacker3 >nul 2>&1
- '<SYSTEM32>\cmd.exe' /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
- '<SYSTEM32>\cmd.exe' /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
- '<SYSTEM32>\cmd.exe' /c taskkill /FI "IMAGENAME eq rawshark*" /IM * /F /T >nul 2>&1
- '<SYSTEM32>\cmd.exe' /c taskkill /FI "IMAGENAME eq wireshark*" /IM * /F /T >nul 2>&1
- '<SYSTEM32>\cmd.exe' /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
- '<SYSTEM32>\cmd.exe' /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
- '<SYSTEM32>\cmd.exe' /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
- '<SYSTEM32>\cmd.exe' /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
- '<SYSTEM32>\sc.exe' stop HTTPDebuggerPro
- '<SYSTEM32>\cmd.exe' /c sc stop HTTPDebuggerPro >nul 2>&1
- '<SYSTEM32>\cmd.exe' /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
- '<SYSTEM32>\cmd.exe' /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
- '<SYSTEM32>\find.exe' /i /v "certutil"
- '<SYSTEM32>\find.exe' /i /v "md5"
- '<SYSTEM32>\certutil.exe' -hashfile "<Full path to file>" MD5
- '<SYSTEM32>\cmd.exe' /c sc stop npf >nul 2>&1
- '<SYSTEM32>\sc.exe' stop npf