rms | a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753

Analysis

max time kernel
153s
max time network
158s
platform
windows7_x64
resource
win7-en-20211208
submitted
13-02-2022 11:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe
Size

11.9MB
MD5

dcbe4706bb4880c407588a0a1b16d7a5
SHA1

d621fc9854d5ff3a012554378e8c5b77f7761a9f
SHA256

a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753
SHA512

6053783ad26ae8d9bdbb2cea609d910c321c012ebaf875f3c18b418e282ace385ef86753ad40391cc132a64b8fabd180edf6cbafb94b784883646a9d708734fb

Score

10^/10

rms evasion persistence rat trojan upx

Malware Config

Signatures

RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
trojan rat rms
UAC bypass 3 TTPs
evasion trojan

Bypass User Account Control
T1088

Disabling Security Tools
T1089

Modify Registry
T1112

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0005000000014306-86.dat	acprotect
behavioral1/files/0x000500000001438f-108.dat	acprotect

Executes dropped EXE 2 IoCs

pid	Process
460	data.exe
1512	TorAd.exe

Modifies Windows Firewall 1 TTPs
evasion

Modify Existing Service
T1031
Sets file to hidden 1 TTPs
Modifies file attributes to stop it showing in Explorer etc.
evasion

Hidden Files and Directories
T1158

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0005000000014306-86.dat	upx
behavioral1/files/0x000500000001438f-108.dat	upx

Loads dropped DLL 5 IoCs

pid	Process
960	a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe
960	a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe
960	a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe
792	cmd.exe
792	cmd.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Services = "C:Tor\\TorAd.exe"	reg.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\4w5tb68h7t987093f4trq893f4rw89etw.txt	wscript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
884	timeout.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

Process Discovery

T1057

pid	Process
476	tasklist.exe
1456	tasklist.exe
1800	tasklist.exe
1636	Process not Found
916	tasklist.exe
292	tasklist.exe
268	tasklist.exe
760	tasklist.exe
1136	tasklist.exe
1212	Process not Found
1732	Process not Found
1488	Process not Found
1488	Process not Found
608	Process not Found
1700	tasklist.exe
1076	Process not Found
1900	Process not Found
308	tasklist.exe
1540	tasklist.exe
2032	tasklist.exe
288	tasklist.exe
1724	Process not Found
2032	tasklist.exe
1488	tasklist.exe
2028	tasklist.exe
1392	tasklist.exe
1456	Process not Found
1612	Process not Found
1348	Process not Found
1744	tasklist.exe
1396	tasklist.exe
996	tasklist.exe
476	tasklist.exe
1076	tasklist.exe
452	tasklist.exe
1616	Process not Found
892	tasklist.exe
1072	tasklist.exe
336	Process not Found
860	Process not Found
816	Process not Found
308	tasklist.exe
996	Process not Found
1776	tasklist.exe
1924	Process not Found
516	Process not Found
1604	tasklist.exe
292	tasklist.exe
428	tasklist.exe
1560	Process not Found
1608	tasklist.exe
1224	tasklist.exe
1224	tasklist.exe
860	tasklist.exe
1136	Process not Found
1604	Process not Found
1844	tasklist.exe
1456	Process not Found
1608	Process not Found
1888	Process not Found
1700	tasklist.exe
1304	tasklist.exe
336	tasklist.exe
1692	tasklist.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
1908	reg.exe

Runs .reg file with regedit 1 IoCs

pid	Process
1128	regedit.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1512	TorAd.exe
1512	TorAd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1512	TorAd.exe
Token: SeTcbPrivilege	1512	TorAd.exe
Token: SeTcbPrivilege	1512	TorAd.exe
Token: SeDebugPrivilege	1556	tasklist.exe
Token: SeDebugPrivilege	2036	tasklist.exe
Token: SeDebugPrivilege	428	tasklist.exe
Token: SeDebugPrivilege	292	tasklist.exe
Token: SeDebugPrivilege	1260	tasklist.exe
Token: SeDebugPrivilege	1712	tasklist.exe
Token: SeDebugPrivilege	1968	tasklist.exe
Token: SeDebugPrivilege	796	tasklist.exe
Token: SeDebugPrivilege	1956	tasklist.exe
Token: SeDebugPrivilege	1556	tasklist.exe
Token: SeDebugPrivilege	1584	tasklist.exe
Token: SeDebugPrivilege	1128	tasklist.exe
Token: SeDebugPrivilege	616	tasklist.exe
Token: SeDebugPrivilege	1484	tasklist.exe
Token: SeDebugPrivilege	836	tasklist.exe
Token: SeDebugPrivilege	1744	tasklist.exe
Token: SeDebugPrivilege	1400	tasklist.exe
Token: SeDebugPrivilege	748	tasklist.exe
Token: SeDebugPrivilege	1548	tasklist.exe
Token: SeDebugPrivilege	2036	tasklist.exe
Token: SeDebugPrivilege	428	tasklist.exe
Token: SeDebugPrivilege	292	tasklist.exe
Token: SeDebugPrivilege	1260	tasklist.exe
Token: SeDebugPrivilege	1712	tasklist.exe
Token: SeDebugPrivilege	432	tasklist.exe
Token: SeDebugPrivilege	796	tasklist.exe
Token: SeDebugPrivilege	1844	tasklist.exe
Token: SeDebugPrivilege	1608	tasklist.exe
Token: SeDebugPrivilege	1728	tasklist.exe
Token: SeDebugPrivilege	1396	tasklist.exe
Token: SeDebugPrivilege	2032	tasklist.exe
Token: SeDebugPrivilege	476	tasklist.exe
Token: SeDebugPrivilege	820	tasklist.exe
Token: SeDebugPrivilege	1156	tasklist.exe
Token: SeDebugPrivilege	1304	tasklist.exe
Token: SeDebugPrivilege	952	tasklist.exe
Token: SeDebugPrivilege	1832	tasklist.exe
Token: SeDebugPrivilege	1212	tasklist.exe
Token: SeDebugPrivilege	1128	tasklist.exe
Token: SeDebugPrivilege	616	tasklist.exe
Token: SeDebugPrivilege	1484	tasklist.exe
Token: SeDebugPrivilege	836	tasklist.exe
Token: SeDebugPrivilege	1744	tasklist.exe
Token: SeDebugPrivilege	1400	tasklist.exe
Token: SeDebugPrivilege	748	tasklist.exe
Token: SeDebugPrivilege	1548	tasklist.exe
Token: SeDebugPrivilege	2036	tasklist.exe
Token: SeDebugPrivilege	1128	tasklist.exe
Token: SeDebugPrivilege	1160	tasklist.exe
Token: SeDebugPrivilege	1924	tasklist.exe
Token: SeDebugPrivilege	652	tasklist.exe
Token: SeDebugPrivilege	1576	tasklist.exe
Token: SeDebugPrivilege	656	tasklist.exe
Token: SeDebugPrivilege	452	tasklist.exe
Token: SeDebugPrivilege	1248	tasklist.exe
Token: SeDebugPrivilege	812	tasklist.exe
Token: SeDebugPrivilege	1144	tasklist.exe
Token: SeDebugPrivilege	1516	tasklist.exe
Token: SeDebugPrivilege	1484	tasklist.exe
Token: SeDebugPrivilege	1404	tasklist.exe
Token: SeDebugPrivilege	1136	tasklist.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1512	TorAd.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 460	960	a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe	27
PID 960 wrote to memory of 460	960	a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe	27
PID 960 wrote to memory of 460	960	a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe	27
PID 960 wrote to memory of 460	960	a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe	27
PID 960 wrote to memory of 460	960	a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe	27
PID 960 wrote to memory of 460	960	a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe	27
PID 960 wrote to memory of 460	960	a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe	27
PID 460 wrote to memory of 1400	460	data.exe	28
PID 460 wrote to memory of 1400	460	data.exe	28
PID 460 wrote to memory of 1400	460	data.exe	28
PID 460 wrote to memory of 1400	460	data.exe	28
PID 460 wrote to memory of 1400	460	data.exe	28
PID 460 wrote to memory of 1400	460	data.exe	28
PID 460 wrote to memory of 1400	460	data.exe	28
PID 1400 wrote to memory of 336	1400	WScript.exe	29
PID 1400 wrote to memory of 336	1400	WScript.exe	29
PID 1400 wrote to memory of 336	1400	WScript.exe	29
PID 1400 wrote to memory of 336	1400	WScript.exe	29
PID 1400 wrote to memory of 336	1400	WScript.exe	29
PID 1400 wrote to memory of 336	1400	WScript.exe	29
PID 1400 wrote to memory of 336	1400	WScript.exe	29
PID 1400 wrote to memory of 1968	1400	WScript.exe	30
PID 1400 wrote to memory of 1968	1400	WScript.exe	30
PID 1400 wrote to memory of 1968	1400	WScript.exe	30
PID 1400 wrote to memory of 1968	1400	WScript.exe	30
PID 1400 wrote to memory of 1968	1400	WScript.exe	30
PID 1400 wrote to memory of 1968	1400	WScript.exe	30
PID 1400 wrote to memory of 1968	1400	WScript.exe	30
PID 1400 wrote to memory of 432	1400	WScript.exe	31
PID 1400 wrote to memory of 432	1400	WScript.exe	31
PID 1400 wrote to memory of 432	1400	WScript.exe	31
PID 1400 wrote to memory of 432	1400	WScript.exe	31
PID 1400 wrote to memory of 432	1400	WScript.exe	31
PID 1400 wrote to memory of 432	1400	WScript.exe	31
PID 1400 wrote to memory of 432	1400	WScript.exe	31
PID 1400 wrote to memory of 1144	1400	WScript.exe	32
PID 1400 wrote to memory of 1144	1400	WScript.exe	32
PID 1400 wrote to memory of 1144	1400	WScript.exe	32
PID 1400 wrote to memory of 1144	1400	WScript.exe	32
PID 1400 wrote to memory of 1144	1400	WScript.exe	32
PID 1400 wrote to memory of 1144	1400	WScript.exe	32
PID 1400 wrote to memory of 1144	1400	WScript.exe	32
PID 1400 wrote to memory of 1044	1400	WScript.exe	33
PID 1400 wrote to memory of 1044	1400	WScript.exe	33
PID 1400 wrote to memory of 1044	1400	WScript.exe	33
PID 1400 wrote to memory of 1044	1400	WScript.exe	33
PID 1400 wrote to memory of 1044	1400	WScript.exe	33
PID 1400 wrote to memory of 1044	1400	WScript.exe	33
PID 1400 wrote to memory of 1044	1400	WScript.exe	33
PID 1400 wrote to memory of 1820	1400	WScript.exe	34
PID 1400 wrote to memory of 1820	1400	WScript.exe	34
PID 1400 wrote to memory of 1820	1400	WScript.exe	34
PID 1400 wrote to memory of 1820	1400	WScript.exe	34
PID 1400 wrote to memory of 1820	1400	WScript.exe	34
PID 1400 wrote to memory of 1820	1400	WScript.exe	34
PID 1400 wrote to memory of 1820	1400	WScript.exe	34
PID 1400 wrote to memory of 1084	1400	WScript.exe	35
PID 1400 wrote to memory of 1084	1400	WScript.exe	35
PID 1400 wrote to memory of 1084	1400	WScript.exe	35
PID 1400 wrote to memory of 1084	1400	WScript.exe	35
PID 1400 wrote to memory of 1084	1400	WScript.exe	35
PID 1400 wrote to memory of 1084	1400	WScript.exe	35
PID 1400 wrote to memory of 1084	1400	WScript.exe	35
PID 1400 wrote to memory of 608	1400	WScript.exe	36

Views/modifies file attributes 1 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1158

pid	Process
1736	attrib.exe
1260	attrib.exe
1716	attrib.exe

C:\Users\Admin\AppData\Local\Temp\a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe
"C:\Users\Admin\AppData\Local\Temp\a8e1451977681daed17a51989b03247d068e677a1ef9513b112fc1f968227753.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:960
- C:\Users\Admin\AppData\Local\Temp\Windows\build\data.exe
  "C:\Users\Admin\AppData\Local\Temp\Windows\build\data.exe" -p284579G45398T745398T
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:460
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Log\install.vbs"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1400
  - - C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Log\install.vbs" Run
      4⤵
      Drops file in Windows directory
      PID:336
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Log\Windows\hiscomponent\install.bat" "
        5⤵
        Loads dropped DLL
        
        PID:792
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib +s +h "C:\Log"
        6⤵
        Views/modifies file attributes
        
        PID:1736
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall set allprofiles state off
        6⤵
        
        PID:1936
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Log\Windows\hiscomponent\msg.vbs"
        6⤵
        
        PID:1436
      - C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKLM\SYSTEM\Remote Manipulator System" /f
        6⤵
        
        PID:1608
      - C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_LOCAL_MACHINE\SYSTEM\HardwareConfig\DEVICEMAP" /f
        6⤵
        
        PID:860
      - C:\Windows\SysWOW64\reg.exe
        
        reg delete "HKEY_CURRENT_USER\Software\TektonIT\Remote Manipulator System" /f
        6⤵
        
        PID:1224
      - C:\Windows\SysWOW64\regedit.exe
        
        regedit /s "Windows\hiscomponent\regedit.reg"
        6⤵
        Runs .reg file with regedit
        
        PID:1128
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        6⤵
        Delays execution with timeout.exe
        
        PID:884
      - C:\Windows\SysWOW64\reg.exe
        
        Reg Add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Services" /t REG_SZ /d "C:Tor\TorAd.exe" /f
        6⤵
        Adds Run key to start application
        
        PID:620
      - C:\Tor\TorAd.exe
        
        TorAd.exe
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib +s +h "C:\Tor\*.*"
        6⤵
        Views/modifies file attributes
        
        PID:1260
      - C:\Windows\SysWOW64\attrib.exe
        
        attrib +s +h "C:\Tor"
        6⤵
        Views/modifies file attributes
        
        PID:1716
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Tor\process.vbs"
        6⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\Tor\process.bat" "
        7⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1556
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2036
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:428
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:972
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:292
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1260
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1712
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1968
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:796
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1956
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1556
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1584
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1128
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:972
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:616
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1484
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:836
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1744
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1400
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:748
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1548
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2036
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:428
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:292
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:616
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1260
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1712
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:432
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:796
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1844
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:748
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1728
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1396
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2032
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:476
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:820
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1156
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1304
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:952
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1832
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1212
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1128
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:616
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1484
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:836
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:1744
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1400
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:748
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1548
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2036
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1128
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1160
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1924
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:652
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1576
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:656
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1248
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:812
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1144
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1516
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1484
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1404
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1136
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:572
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:688
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1060
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:576
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:884
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:916
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1604
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:816
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:760
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:308
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1396
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1776
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1224
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:620
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:720
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:880
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1540
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:268
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:892
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:268
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:620
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:892
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:720
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:880
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:892
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:620
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:720
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:880
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:268
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:748
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:292
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:620
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:720
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:880
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:996
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:268
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:748
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:892
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:2032
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:996
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:892
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1700
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:892
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1700
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:516
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:884
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:656
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:572
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:432
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:552
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:620
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1224
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:760
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:268
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:564
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:892
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:308
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:616
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:860
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:552
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:748
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:760
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:516
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:652
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:572
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:308
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:616
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:552
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:748
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:576
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:268
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:820
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:652
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1248
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:572
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1144
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:616
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:812
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1712
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:916
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:996
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1488
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:816
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:892
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1260
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:656
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:860
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:564
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:884
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1456
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:564
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:576
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:884
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:576
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:884
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:652
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:292
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:620
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:720
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1304
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:748
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:760
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:576
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:308
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:884
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:516
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:288
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:996
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:988
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:288
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:996
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1844
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:720
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:988
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:996
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:564
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:428
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:308
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:988
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:996
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:748
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:988
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:516
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:996
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:572
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:652
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:288
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:988
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:816
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:996
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1076
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:652
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:720
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:288
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:972
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:564
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:816
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:652
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:860
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:288
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:816
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:428
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:476
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:652
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:620
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:288
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:656
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:816
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:308
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:620
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:988
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:996
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:572
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:656
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:576
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:916
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1096
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:616
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:2032
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:308
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:988
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:996
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:884
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:572
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:576
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:652
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:336
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:916
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:760
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:884
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:972
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:564
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1072
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:2028
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:308
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:516
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:988
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:860
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:288
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:656
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1692
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:916
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:576
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:516
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1136
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:308
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:620
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:972
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:564
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:656
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:288
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:884
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1724
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:988
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:760
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:516
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:572
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:916
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:720
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:308
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:564
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:860
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:656
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:288
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:996
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1396
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:108
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:816
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:572
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1072
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1832
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1112
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1516
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:292
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:860
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1956
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1456
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1404
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1392
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:308
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1116
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:972
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:516
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1560
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1076
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:760
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:476
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:884
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1212
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:816
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:952
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:656
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1604
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1788
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:836
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:616
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1128
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:816
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:812
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:656
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:336
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        Enumerates processes with tasklist
        
        PID:1800
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1496
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:452
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:796
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:812
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:288
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:588
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:652
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:1540
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:2028
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:968
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1908
        
        C:\Windows\SysWOW64\find.exe
        
        find "TorAd.exe"
        8⤵
        
        PID:516
        
        C:\Windows\SysWOW64\tasklist.exe
        
        tasklist
        8⤵
        
        PID:1496
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\System32\cmd.exe /k C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
        6⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\reg.exe
        
        C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
        7⤵
        Modifies registry key
        
        PID:1908
  - - C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Log\install.vbs" Run
      4⤵
      PID:1968
  - - C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Log\install.vbs" Run
      4⤵
      PID:432
  - - C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Log\install.vbs" Run
      4⤵
      PID:1144
  - - C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Log\install.vbs" Run
      4⤵
      PID:1044
  - - C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Log\install.vbs" Run
      4⤵
      PID:1820
  - - C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Log\install.vbs" Run
      4⤵
      PID:1084
  - - C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Log\install.vbs" Run
      4⤵
      PID:608
  - - C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\System32\wscript.exe" "C:\Log\install.vbs" Run
      4⤵
      PID:1184

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Bypass User Account Control

T1088

Defense Evasion

Bypass User Account Control

T1088

Disabling Security Tools

T1089

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-55-0x0000000076371000-0x0000000076373000-memory.dmp

Filesize
8KB

Download
memory/1512-110-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download