cybergate | 40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1

Analysis

max time kernel
158s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe
Size

384KB
MD5

1076704ee811b1e8a760f14a2bda727d
SHA1

9556e34a3a1803df564a360b4214004a8f13006d
SHA256

40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1
SHA512

2288338d9881d47ab0f10ee05b8fd407701d762ba234f2634ca838265e06597f1ee1b797b51ecbaf118a209eff82281228109833c34fcb390fb23ec1ba2024d0
SSDEEP

3072:Gm2U5CpWpijVgrdVpDOWK6CwtqCCr+fpJfeOchJ9p51tFBa8iRBGGCzYGOWx/C7k:GgY0cVqdvOH21LeOihPho0GCzYGr3QVC

Score

10^/10

cybergate pc persistence stealer trojan upx

Malware Config

Extracted

Family

cybergate

Version

2.2

Botnet

xxfoxx.no-ip.org:81

Mutex

***MUTEX***

Attributes

enable_keylogger
true
enable_message_box
false
ftp_directory
./logs/
ftp_interval
30
injected_process
explorer.exe
install_dir
install
install_file
server.exe
install_flag
true
keylogger_enable_ftp
false
message_box_caption
texto da mensagem
message_box_title
título da mensagem
password
159
regkey_hkcu
HKCU
regkey_hklm
HKLM

Signatures

CyberGate, Rebhip
CyberGate is a lightweight remote administration tool with a wide array of functionalities.
trojan stealer cybergate

Adds policy Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	Servo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\install\\server.exe"	Servo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	Servo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies = "C:\\Windows\\system32\\install\\server.exe"	Servo.exe

Executes dropped EXE 5 IoCs

pid	Process
1624	Servo.exe
2436	Av-Kill_.exe
2996	Kill1.exe
2456	Kill2.exe
4796	Servo.exe

Modifies Installed Components in the registry 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{CXA2EAFU-22UK-J60H-OD48-3601RKSAW712}	Servo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CXA2EAFU-22UK-J60H-OD48-3601RKSAW712}\StubPath = "C:\\Windows\\system32\\install\\server.exe Restart"	Servo.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{CXA2EAFU-22UK-J60H-OD48-3601RKSAW712}	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{CXA2EAFU-22UK-J60H-OD48-3601RKSAW712}\StubPath = "C:\\Windows\\system32\\install\\server.exe"	explorer.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1624-147-0x0000000024010000-0x000000002404C000-memory.dmp	upx
behavioral2/memory/1624-163-0x0000000024050000-0x000000002408C000-memory.dmp	upx
behavioral2/memory/4920-166-0x0000000024050000-0x000000002408C000-memory.dmp	upx
behavioral2/memory/4920-170-0x0000000024050000-0x000000002408C000-memory.dmp	upx
behavioral2/memory/1624-176-0x0000000024090000-0x00000000240CC000-memory.dmp	upx
behavioral2/memory/1624-182-0x00000000240D0000-0x000000002410C000-memory.dmp	upx
behavioral2/memory/4796-185-0x00000000240D0000-0x000000002410C000-memory.dmp	upx
behavioral2/memory/4796-190-0x00000000240D0000-0x000000002410C000-memory.dmp	upx
behavioral2/memory/4796-236-0x00000000240D0000-0x000000002410C000-memory.dmp	upx

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	Av-Kill_.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Windows\\system32\\install\\server.exe"	Servo.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run	Servo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU = "C:\\Windows\\system32\\install\\server.exe"	Servo.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	Servo.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\install\server.exe	Servo.exe
File opened for modification	C:\Windows\SysWOW64\install\	Servo.exe
File created	C:\Windows\SysWOW64\install\server.exe	Servo.exe
File opened for modification	C:\Windows\SysWOW64\install\server.exe	Servo.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Kills process with taskkill 64 IoCs

evasion

pid	Process
1976	taskkill.exe
2968	taskkill.exe
3824	taskkill.exe
5012	taskkill.exe
3868	taskkill.exe
2708	taskkill.exe
4108	taskkill.exe
4604	taskkill.exe
2788	taskkill.exe
404	taskkill.exe
3172	taskkill.exe
1940	taskkill.exe
644	taskkill.exe
2520	taskkill.exe
4372	taskkill.exe
3104	taskkill.exe
1532	taskkill.exe
3112	taskkill.exe
1640	taskkill.exe
1192	taskkill.exe
520	taskkill.exe
1676	taskkill.exe
1312	taskkill.exe
4648	taskkill.exe
1000	taskkill.exe
4928	taskkill.exe
3308	taskkill.exe
4028	taskkill.exe
2392	taskkill.exe
4728	taskkill.exe
1848	taskkill.exe
3368	taskkill.exe
1276	taskkill.exe
3504	taskkill.exe
3228	taskkill.exe
1640	taskkill.exe
2260	taskkill.exe
3128	taskkill.exe
2788	taskkill.exe
404	taskkill.exe
4880	taskkill.exe
4172	taskkill.exe
3460	taskkill.exe
3348	taskkill.exe
4956	taskkill.exe
2132	taskkill.exe
2236	taskkill.exe
4580	taskkill.exe
4896	taskkill.exe
1168	taskkill.exe
3136	taskkill.exe
4236	taskkill.exe
872	taskkill.exe
4928	taskkill.exe
3132	taskkill.exe
4024	taskkill.exe
1992	taskkill.exe
4288	taskkill.exe
3268	taskkill.exe
3752	taskkill.exe
2404	taskkill.exe
2424	taskkill.exe
4800	taskkill.exe
4228	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	rundll32.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2996	Kill1.exe
2996	Kill1.exe
2996	Kill1.exe
2996	Kill1.exe
2996	Kill1.exe
2996	Kill1.exe
2996	Kill1.exe
2996	Kill1.exe
2996	Kill1.exe
2996	Kill1.exe
2456	Kill2.exe
2456	Kill2.exe
2456	Kill2.exe
2456	Kill2.exe
2456	Kill2.exe
2456	Kill2.exe
2456	Kill2.exe
2456	Kill2.exe
2456	Kill2.exe
2456	Kill2.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4796	Servo.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4860	taskkill.exe
Token: SeDebugPrivilege	4580	taskkill.exe
Token: SeDebugPrivilege	456	taskkill.exe
Token: SeDebugPrivilege	1216	taskkill.exe
Token: SeDebugPrivilege	2940	taskkill.exe
Token: SeDebugPrivilege	3800	taskkill.exe
Token: SeDebugPrivilege	4796	Servo.exe
Token: SeDebugPrivilege	4796	Servo.exe
Token: SeDebugPrivilege	1228	taskkill.exe
Token: SeDebugPrivilege	4516	taskkill.exe
Token: SeDebugPrivilege	1112	taskkill.exe
Token: SeDebugPrivilege	3348	taskkill.exe
Token: SeDebugPrivilege	3412	taskkill.exe
Token: SeDebugPrivilege	4228	taskkill.exe
Token: SeDebugPrivilege	1192	taskkill.exe
Token: SeDebugPrivilege	5028	taskkill.exe
Token: SeDebugPrivilege	2328	taskkill.exe
Token: SeDebugPrivilege	4052	taskkill.exe
Token: SeDebugPrivilege	2832	taskkill.exe
Token: SeDebugPrivilege	3956	taskkill.exe
Token: SeDebugPrivilege	1508	taskkill.exe
Token: SeDebugPrivilege	4100	taskkill.exe
Token: SeDebugPrivilege	3196	taskkill.exe
Token: SeDebugPrivilege	4372	taskkill.exe
Token: SeDebugPrivilege	4072	taskkill.exe
Token: SeDebugPrivilege	5004	taskkill.exe
Token: SeDebugPrivilege	480	taskkill.exe
Token: SeDebugPrivilege	3084	taskkill.exe
Token: SeDebugPrivilege	3924	taskkill.exe
Token: SeDebugPrivilege	1656	taskkill.exe
Token: SeDebugPrivilege	3952	taskkill.exe
Token: SeDebugPrivilege	3488	taskkill.exe
Token: SeDebugPrivilege	4064	taskkill.exe
Token: SeDebugPrivilege	2692	taskkill.exe
Token: SeDebugPrivilege	3188	taskkill.exe
Token: SeDebugPrivilege	812	taskkill.exe
Token: SeDebugPrivilege	4312	taskkill.exe
Token: SeDebugPrivilege	2788	taskkill.exe
Token: SeDebugPrivilege	2044	taskkill.exe
Token: SeDebugPrivilege	4440	taskkill.exe
Token: SeDebugPrivilege	2024	taskkill.exe
Token: SeDebugPrivilege	3792	taskkill.exe
Token: SeDebugPrivilege	1700	taskkill.exe
Token: SeDebugPrivilege	4940	taskkill.exe
Token: SeDebugPrivilege	4956	taskkill.exe
Token: SeDebugPrivilege	964	taskkill.exe
Token: SeDebugPrivilege	1828	taskkill.exe
Token: SeDebugPrivilege	1000	taskkill.exe
Token: SeDebugPrivilege	4684	taskkill.exe
Token: SeDebugPrivilege	4236	taskkill.exe
Token: SeDebugPrivilege	2888	taskkill.exe
Token: SeDebugPrivilege	3164	taskkill.exe
Token: SeDebugPrivilege	2208	taskkill.exe
Token: SeDebugPrivilege	808	taskkill.exe
Token: SeDebugPrivilege	2332	taskkill.exe
Token: SeDebugPrivilege	4468	taskkill.exe
Token: SeDebugPrivilege	1480	taskkill.exe
Token: SeDebugPrivilege	2700	taskkill.exe
Token: SeDebugPrivilege	3816	taskkill.exe
Token: SeDebugPrivilege	1748	taskkill.exe
Token: SeDebugPrivilege	1872	taskkill.exe
Token: SeDebugPrivilege	3196	taskkill.exe
Token: SeDebugPrivilege	872	taskkill.exe
Token: SeDebugPrivilege	2424	taskkill.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1624	Servo.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe
2436	Av-Kill_.exe
2996	Kill1.exe
2456	Kill2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 3172	3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe	80
PID 3472 wrote to memory of 3172	3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe	80
PID 3472 wrote to memory of 3172	3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe	80
PID 3172 wrote to memory of 2924	3172	net.exe	82
PID 3172 wrote to memory of 2924	3172	net.exe	82
PID 3172 wrote to memory of 2924	3172	net.exe	82
PID 3472 wrote to memory of 1624	3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe	83
PID 3472 wrote to memory of 1624	3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe	83
PID 3472 wrote to memory of 1624	3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe	83
PID 3472 wrote to memory of 4216	3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe	84
PID 3472 wrote to memory of 4216	3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe	84
PID 3472 wrote to memory of 4216	3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe	84
PID 3472 wrote to memory of 2436	3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe	86
PID 3472 wrote to memory of 2436	3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe	86
PID 3472 wrote to memory of 2436	3472	40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe	86
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27
PID 1624 wrote to memory of 2944	1624	Servo.exe	27

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2944
- C:\Users\Admin\AppData\Local\Temp\40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe
  "C:\Users\Admin\AppData\Local\Temp\40bb451153fd88aed6567dbc7fabd6c67bc8709fe72a12fabe19bb8720d54dc1.exe"
  2⤵
  - Checks computer location settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3472
- - C:\Windows\SysWOW64\net.exe
    net stop SharedAccess
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3172
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop SharedAccess
      4⤵
      PID:2924
- - C:\Servo.exe
    "C:\Servo.exe"
    3⤵
    - Adds policy Run key to start application
    - Executes dropped EXE
    - Modifies Installed Components in the registry
    - Adds Run key to start application
    - Drops file in System32 directory
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:1624
  - - C:\Windows\SysWOW64\explorer.exe
      explorer.exe
      4⤵
      Modifies Installed Components in the registry
      PID:4920
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:4924
  - - C:\Servo.exe
      "C:\Servo.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      PID:4796
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Super_Kill.bat" "
    3⤵
    PID:4216
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgas.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4860
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32krn.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4580
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:456
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kav.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1216
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kavmm.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgemc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3800
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgcc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1228
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgamsvr.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgupsvc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgw.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3348
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashwebsv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3412
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashdisp.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4228
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashmaisv.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1192
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashserv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5028
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashwebsv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2328
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im aswupdsv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4052
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ewidoctrl.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2832
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guard.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3956
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gcasdtserv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1508
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im msmpeng.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcafee.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3196
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghml.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4372
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im msiexec.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4072
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im outpost.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5004
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im isafe.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im minilog.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zonealarm.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3924
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zlclient.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1656
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im updclient.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3952
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccapp.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3488
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navw32.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4064
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norton.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2692
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navapsvc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3188
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccsetmgr.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:812
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cccproxy.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccapp.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:2788
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccevtmgr.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2044
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfmntor.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4440
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im logexprt.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2024
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisum.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3792
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im issvc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpdclnt.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavprsrv.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4956
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavprot.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avengine.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1828
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apvxdwin.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1000
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im webproxy.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4684
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avguard.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4236
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgnt.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im shed.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsched32.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sccomm.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:808
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spiderml.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2332
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sgmain.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spywareguard.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kpf4gui.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kpf4ss.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3816
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcdash.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1748
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcdetect.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcregwiz.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3196
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcinfo.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghtml.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2424
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im oasclnt.exe
      4⤵
      PID:1628
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfagent.exe
      4⤵
      PID:4300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfconsole.exe
      4⤵
      PID:4716
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfservice.exe
      4⤵
      PID:4184
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpftray.exe
      4⤵
      PID:3952
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfwizard.exe
      4⤵
      PID:3172
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mvtx.exe
      4⤵
      PID:3504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im _avp32.exe
      4⤵
      PID:560
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im _avpcc.exe
      4⤵
      PID:3964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im _avpm.exe
      4⤵
      PID:4612
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ackwin32.exe
      4⤵
      PID:812
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im advxdwin.exe
      4⤵
      PID:4852
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im agentsvr.exe
      4⤵
      PID:1784
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im agv.exe
      4⤵
      PID:2172
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ahnsd.exe
      4⤵
      PID:860
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im alertsvc.exe
      4⤵
      PID:4032
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im alogserv.exe
      4⤵
      PID:2648
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im amon.exe
      4⤵
      PID:1168
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im amon9x.exe
      4⤵
      PID:5016
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im amonavp32.exe
      4⤵
      PID:4520
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im anti -trojan.exe
      4⤵
      PID:2392
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im antivir.exe
      4⤵
      PID:1468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im antivirus.exe
      4⤵
      PID:1624
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ants.exe
      4⤵
      PID:1824
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im antssircam.exe
      4⤵
      PID:2876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apimonitor.exe
      4⤵
      Kills process with taskkill
      PID:4236
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im aplica32.exe
      4⤵
      Kills process with taskkill
      PID:2132
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apvxdwin.exe
      4⤵
      PID:4228
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atcon.exe
      4⤵
      PID:3564
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atguard.exe
      4⤵
      PID:5048
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ats.exe
      4⤵
      PID:2596
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atscan.exe
      4⤵
      PID:2480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atupdater.exe
      4⤵
      PID:1480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atwatch.exe
      4⤵
      PID:2700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im autodown.exe
      4⤵
      PID:1852
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im autotrace.exe
      4⤵
      PID:2520
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im autoupdate.exe
      4⤵
      PID:1748
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avconsol.exe
      4⤵
      PID:1872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ave32.exe
      4⤵
      PID:3196
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgcc32.exe
      4⤵
      Kills process with taskkill
      PID:872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgctrl.exe
      4⤵
      PID:3556
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgserv.exe
      4⤵
      PID:2292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgserv9.exe
      4⤵
      PID:3084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgserv9schedapp.exe
      4⤵
      PID:3552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgw.exe
      4⤵
      PID:2924
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkpop.exe
      4⤵
      PID:1856
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkserv.exe
      4⤵
      PID:2324
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkservice.exe
      4⤵
      PID:3088
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkwcl9.exe
      4⤵
      PID:4712
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkwctl9.exe
      4⤵
      PID:2436
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avnt.exe
      4⤵
      PID:3596
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avp.exe
      4⤵
      PID:2212
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avp32.exe
      4⤵
      PID:4580
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpcc.exe
      4⤵
      PID:3936
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im AVPCC Service.exe
      4⤵
      PID:2044
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpccavpm.exe
      4⤵
      PID:2172
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpdos32.exe
      4⤵
      PID:2024
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpexec.exe
      4⤵
      PID:3800
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpinst.exe
      4⤵
      PID:996
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpm.exe
      4⤵
      PID:4940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpmonitor.exe
      4⤵
      PID:2056
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avptc.exe
      4⤵
      PID:2040
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avptc32.exe
      4⤵
      PID:3892
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpupd.exe
      4⤵
      PID:3492
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpupdates.exe
      4⤵
      PID:4628
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avrescue.exe
      4⤵
      PID:204
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsched32.exe
      4⤵
      PID:4684
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsynmgr.exe
      4⤵
      PID:3348
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avwin95.exe
      4⤵
      PID:776
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avwinnt.exe
      4⤵
      PID:1188
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avwupd32.exe
      4⤵
      PID:4260
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxgui.exe
      4⤵
      PID:2240
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxinit.exe
      4⤵
      PID:1192
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxlive.exe
      4⤵
      PID:5028
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxmonitor9x.exe
      4⤵
      PID:4324
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxmonitornt.exe
      4⤵
      PID:4468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxnews.exe
      4⤵
      Kills process with taskkill
      PID:520
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxquar.exe
      4⤵
      PID:2968
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxsch.exe
      4⤵
      PID:4480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxw.exe
      4⤵
      PID:4168
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im BACKLOG.exe
      4⤵
      PID:3104
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bd_professional.exe
      4⤵
      PID:4552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bidef.exe
      4⤵
      PID:3276
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bidserver.exe
      4⤵
      PID:2888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bipcp.exe
      4⤵
      PID:4372
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bisp.exe
      4⤵
      PID:4592
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im blackd.exe
      4⤵
      PID:4336
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im blackice.exe
      4⤵
      PID:3576
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im blackiceblackd.exe
      4⤵
      PID:3472
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im BootWarn.exe
      4⤵
      PID:3092
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im borg2.exe
      4⤵
      PID:1300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bs120.exe
      4⤵
      PID:2764
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bullguard.exe
      4⤵
      PID:4064
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccApp.exe
      4⤵
      PID:3068
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccevtmgr.exe
      4⤵
      PID:4968
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccIMScan.exe
      4⤵
      PID:2608
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccPwdSrc.exe
      4⤵
      PID:4384
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccpxysvc.exe
      4⤵
      PID:1756
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccSetMgr.exe
      4⤵
      PID:448
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cdp.exe
      4⤵
      PID:5012
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfiadmin.exe
      4⤵
      PID:4540
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfiaudit.exe
      4⤵
      PID:4568
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfinet.exe
      4⤵
      PID:3128
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfinet32.exe
      4⤵
      PID:1700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im claw95.exe
      4⤵
      PID:4964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im claw95cf.exe
      4⤵
      PID:4956
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im clean.exe
      4⤵
      Kills process with taskkill
      PID:1976
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cleaner.exe
      4⤵
      PID:2620
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cleaner3.exe
      4⤵
      PID:1228
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cleanpc.exe
      4⤵
      PID:1456
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cmgrdian.exe
      4⤵
      PID:3444
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cmon016.exe
      4⤵
      PID:2008
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im codered.exe
      4⤵
      PID:884
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im connectionmonitor.exe
      4⤵
      Kills process with taskkill
      PID:4928
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im conseal.exe
      4⤵
      PID:4688
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpd.exe
      4⤵
      PID:4504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpf9x206.exe
      4⤵
      PID:3148
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ctrl.exe
      4⤵
      PID:4672
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defalert.exe
      4⤵
      PID:1096
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defence.exe
      4⤵
      PID:4644
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defense.exe
      4⤵
      PID:312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defscangui.exe
      4⤵
      PID:1736
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defwatch.exe
      4⤵
      PID:5048
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im deputy.exe
      4⤵
      Kills process with taskkill
      PID:4028
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im doors.exe
      4⤵
      PID:3132
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im dpf.exe
      4⤵
      PID:1480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im drwatson.exe
      4⤵
      PID:2700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im drweb32.exe
      4⤵
      PID:1304
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im dvp95.exe
      4⤵
      PID:3452
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im dvp95_0.exe
      4⤵
      PID:4696
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ecengine.exe
      4⤵
      PID:3144
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im edisk.exe
      4⤵
      PID:4632
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im efpeadm.exe
      4⤵
      PID:2432
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im esafe.exe
      4⤵
      PID:3640
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im escanh95.exe
      4⤵
      Kills process with taskkill
      PID:2260
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im escanhnt.exe
      4⤵
      Kills process with taskkill
      PID:1676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im escanv95.exe
      4⤵
      PID:1628
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im espwatch.exe
      4⤵
      PID:1600
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im etrustcipe.exe
      4⤵
      PID:3472
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im evpn.exe
      4⤵
      PID:3092
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im exantivirus -cnet.exe
      4⤵
      PID:1300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fameh32.exe
      4⤵
      PID:2408
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fast.exe
      4⤵
      PID:4704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fch32.exe
      4⤵
      PID:3980
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fih32.exe
      4⤵
      PID:4180
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im findviru.exe
      4⤵
      PID:3032
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im firewall.exe
      4⤵
      PID:4564
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fix-it.exe
      4⤵
      PID:4444
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im flowprotector.exe
      4⤵
      PID:3740
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fnrb32.exe
      4⤵
      PID:1928
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fp -win.exe
      4⤵
      PID:2044
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fp -win_trial.exe
      4⤵
      PID:4540
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fprot.exe
      4⤵
      PID:1064
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im frw.exe
      4⤵
      PID:3792
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsaa.exe
      4⤵
      Kills process with taskkill
      PID:1312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsav32.exe
      4⤵
      PID:4872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsav95.exe
      4⤵
      PID:3704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsave32.exe
      4⤵
      PID:4652
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsgk32.exe
      4⤵
      PID:2864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsm32.exe
      4⤵
      PID:1780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsma32.exe
      4⤵
      PID:308
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsmb32.exe
      4⤵
      PID:3628
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fwenc.exe
      4⤵
      PID:944
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gbmenu.exe
      4⤵
      PID:552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gbpoll.exe
      4⤵
      PID:64
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gedit.exe
      4⤵
      PID:4492
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im generics.exe
      4⤵
      PID:4688
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im grief3878.exe
      4⤵
      PID:4504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guard.exe
      4⤵
      PID:3148
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guarddog.exe
      4⤵
      PID:4672
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im HackerEliminator.exe
      4⤵
      PID:1096
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iamapp.exe
      4⤵
      PID:4644
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iamserv.exe
      4⤵
      PID:312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iamstats.exe
      4⤵
      PID:5028
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ibmasn.exe
      4⤵
      PID:4324
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ibmavsp.exe
      4⤵
      PID:2264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icload95.exe
      4⤵
      Kills process with taskkill
      PID:3132
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icloadnt.exe
      4⤵
      PID:1480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icmon.exe
      4⤵
      PID:4880
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icsupp95.exe
      4⤵
      PID:1304
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icsuppnt.exe
      4⤵
      PID:2420
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iface.exe
      4⤵
      PID:2844
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ifw2000.exe
      4⤵
      PID:4720
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im inoculateit.exe
      4⤵
      PID:1472
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iomon98.exe
      4⤵
      PID:1496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iparmor.exe
      4⤵
      Kills process with taskkill
      PID:4024
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iris.exe
      4⤵
      PID:1848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im isrv95.exe
      4⤵
      PID:2424
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im jammer.exe
      4⤵
      PID:3576
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im jedi.exe
      4⤵
      PID:1444
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kavpf.exe
      4⤵
      PID:4332
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ldnetmon.exe
      4⤵
      PID:2928
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ldpromenu.exe
      4⤵
      PID:1300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ldscan.exe
      4⤵
      PID:2408
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im localnet.exe
      4⤵
      PID:4700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im lockdown.exe
      4⤵
      PID:3068
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im lookout.exe
      4⤵
      PID:3188
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im luall.exe
      4⤵
      PID:4860
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im lucomserver.exe
      4⤵
      PID:2784
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im luspt.exe
      4⤵
      PID:4312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcafee.exe
      4⤵
      PID:3876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcagent.exe
      4⤵
      PID:4440
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcmnhdlr.exe
      4⤵
      PID:3684
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcshield.exe
      4⤵
      PID:4568
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcshieldvvstat.exe
      4⤵
      Kills process with taskkill
      PID:3128
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mctool.exe
      4⤵
      PID:4940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcupdate.exe
      4⤵
      PID:4984
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcvsrte.exe
      4⤵
      Kills process with taskkill
      PID:2392
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcvsshld.exe
      4⤵
      PID:3548
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mgavrtcl.exe
      4⤵
      PID:2484
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mgavrte.exe
      4⤵
      PID:3892
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghtml.exe
      4⤵
      PID:3868
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mgui.exe
      4⤵
      PID:1936
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im minilog.exe
      4⤵
      PID:3112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mon.exe
      4⤵
      PID:1568
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im monitor.exe
      4⤵
      Kills process with taskkill
      PID:404
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im monsys32.exe
      4⤵
      PID:3928
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im monsysnt.exe
      4⤵
      PID:4408
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im moolive.exe
      4⤵
      PID:4232
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfservice.exe
      4⤵
      PID:4732
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpftray.exe
      4⤵
      PID:1452
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mrflux.exe
      4⤵
      PID:2100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im msinfo32.exe
      4⤵
      PID:1192
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mwatch.exe
      4⤵
      PID:2332
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mxtask.exe
      4⤵
      Kills process with taskkill
      PID:4648
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im n32scanw.exe
      4⤵
      PID:1736
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nav.exe
      4⤵
      PID:5048
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im NAV DefAlert.exe
      4⤵
      PID:4028
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nav32.exe
      4⤵
      PID:2084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navalert.exe
      4⤵
      PID:2816
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navap.exe
      4⤵
      PID:4168
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navapsvc.exe
      4⤵
      PID:3104
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im NAVAPW32.exe
      4⤵
      PID:3648
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navauto -protect.exe
      4⤵
      PID:1872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navdx.exe
      4⤵
      PID:2844
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navengnavex15.exe
      4⤵
      PID:4720
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navlu32.exe
      4⤵
      PID:1472
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navnt.exe
      4⤵
      PID:1496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navrunr.exe
      4⤵
      PID:4024
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navstub.exe
      4⤵
      PID:2292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navw32.exe
      4⤵
      PID:3924
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Navwnt.exe
      4⤵
      PID:3552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nc2000.exe
      4⤵
      PID:4184
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ndd32.exe
      4⤵
      PID:4020
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im neomonitor.exe
      4⤵
      PID:1356
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im neowatchlog.exe
      4⤵
      PID:4064
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im net2000.exe
      4⤵
      PID:4712
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netarmor.exe
      4⤵
      PID:4968
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netcommando.exe
      4⤵
      PID:3964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netinfo.exe
      4⤵
      PID:4384
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netmon.exe
      4⤵
      PID:4564
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netpro.exe
      4⤵
      PID:4444
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netprotect.exe
      4⤵
      PID:5012
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netscanpro.exe
      4⤵
      PID:3772
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netspyhunter -1.2.exe
      4⤵
      Kills process with taskkill
      PID:1992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netstat.exe
      4⤵
      PID:2668
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netutils.exe
      4⤵
      Kills process with taskkill
      PID:1168
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netutils].exe
      4⤵
      PID:4848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nimda.exe
      4⤵
      PID:5016
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisserv.exe
      4⤵
      PID:1752
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisum.exe
      4⤵
      PID:3704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisumnisservnisum.exe
      4⤵
      PID:4652
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nmain.exe
      4⤵
      PID:2864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32.exe
      4⤵
      PID:1780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norman.exe
      4⤵
      Kills process with taskkill
      PID:1000
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norman_32.exe
      4⤵
      PID:220
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norman_av.exe
      4⤵
      PID:1112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norman32.exe
      4⤵
      PID:4264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im normanav.exe
      4⤵
      PID:364
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im normist.exe
      4⤵
      Kills process with taskkill
      PID:4728
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norton.exe
      4⤵
      PID:4040
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Norton Auto-Protect.exe
      4⤵
      PID:2132
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norton_av.exe
      4⤵
      PID:3164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nortonav.exe
      4⤵
      PID:4260
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im notstart.exe
      4⤵
      PID:1148
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfmessenger.exe
      4⤵
      PID:2680
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfw.exe
      4⤵
      PID:1528
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfw32.exe
      4⤵
      PID:3368
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nprotect.exe
      4⤵
      Kills process with taskkill
      PID:3136
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npscheck.exe
      4⤵
      PID:4468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npssvc.exe
      4⤵
      PID:2060
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nresq32.exe
      4⤵
      PID:3132
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nsched32.exe
      4⤵
      PID:1480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nschednt.exe
      4⤵
      PID:4880
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nsplugin.exe
      4⤵
      PID:1304
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ntrtscan.exe
      4⤵
      PID:2420
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ntvdm.exe
      4⤵
      Kills process with taskkill
      PID:2236
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ntxconfig.exe
      4⤵
      PID:4044
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nui.exe
      4⤵
      PID:2888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nupgrade.exe
      4⤵
      PID:4372
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nvarch16.exe
      4⤵
      PID:4592
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nvc95.exe
      4⤵
      PID:1920
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nvsvc32.exe
      4⤵
      PID:3808
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nwservice.exe
      4⤵
      PID:4380
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nwtool16.exe
      4⤵
      PID:4488
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im offguard.exe
      4⤵
      PID:3472
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im OPScan.exe
      4⤵
      PID:3488
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ostronet.exe
      4⤵
      PID:2764
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im outpost.exe
      4⤵
      PID:3504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im padmin.exe
      4⤵
      PID:4476
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im panda.exe
      4⤵
      PID:3580
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pandaav.exe
      4⤵
      PID:3188
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im panixk.exe
      4⤵
      PID:4860
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pav.exe
      4⤵
      PID:2212
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavcl.exe
      4⤵
      PID:4312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavproxy.exe
      4⤵
      PID:3876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavsched.exe
      4⤵
      PID:4440
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavw.exe
      4⤵
      PID:3468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pc -cillan.exe
      4⤵
      PID:2024
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pc -cillin.exe
      4⤵
      PID:4904
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccclient.exe
      4⤵
      PID:1168
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccguide.exe
      4⤵
      PID:4848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pcciomon.exe
      4⤵
      PID:5016
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccntmon.exe
      4⤵
      PID:1752
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccwin97.exe
      4⤵
      PID:3704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccwin98.exe
      4⤵
      PID:4652
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pcfwallicon.exe
      4⤵
      PID:2864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pcscan.exe
      4⤵
      PID:1780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im periscope.exe
      4⤵
      PID:1000
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im persfw.exe
      4⤵
      PID:220
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pf2.exe
      4⤵
      PID:1112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pfwadmin.exe
      4⤵
      PID:4264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pingscan.exe
      4⤵
      PID:364
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im platin.exe
      4⤵
      PID:4728
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pop3trap.exe
      4⤵
      PID:4040
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im poproxy.exe
      4⤵
      PID:4232
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im portdetective.exe
      4⤵
      PID:2240
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im portmonitor.exe
      4⤵
      PID:808
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ppinupdt.exe
      4⤵
      PID:4192
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pptbc.exe
      4⤵
      PID:4228
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ppvstop.exe
      4⤵
      PID:1528
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im processmonitor.exe
      4⤵
      PID:3368
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im procexplorerv10#.exe
      4⤵
      PID:3136
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im programauditor.exe
      4⤵
      PID:4112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im proport.exe
      4⤵
      PID:4028
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im protectx.exe
      4⤵
      Kills process with taskkill
      PID:2968
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pspf.exe
      4⤵
      PID:4428
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im purge.exe
      4⤵
      PID:1508
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pview95.exe
      4⤵
      PID:3104
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pw32.exe
      4⤵
      PID:2904
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im qconsole.exe
      4⤵
      PID:3144
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rav.exe
      4⤵
      PID:4776
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rav7.exe
      4⤵
      PID:2108
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rav7win.exe
      4⤵
      PID:3412
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im realmon.exe
      4⤵
      PID:2432
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im regrun2.exe
      4⤵
      PID:1276
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rescue.exe
      4⤵
      PID:1848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rrguard.exe
      4⤵
      PID:3672
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rshell.exe
      4⤵
      PID:3084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rtvscn95.exe
      4⤵
      PID:4300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rulaunch.exe
      4⤵
      PID:4716
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im safeweb.exe
      4⤵
      PID:2928
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im SAVscan.exe
      4⤵
      PID:2324
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sbserv.exe
      4⤵
      PID:4700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im SBservice.exe
      4⤵
      PID:4704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scan.exe
      4⤵
      PID:4612
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scan32.exe
      4⤵
      PID:1372
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scan95.exe
      4⤵
      PID:1756
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scanpm.exe
      4⤵
      Kills process with taskkill
      PID:2788
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scrscan.exe
      4⤵
      PID:4844
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sd.exe
      4⤵
      PID:4836
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im SENS.exe
      4⤵
      PID:4540
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im serv95.exe
      4⤵
      PID:3684
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sfc.exe
      4⤵
      PID:2024
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sh.exe
      4⤵
      PID:1312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sharedaccess.exe
      4⤵
      PID:2056
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im shn.exe
      4⤵
      PID:2040
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im smc.exe
      4⤵
      PID:2708
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sofi.exe
      4⤵
      PID:2620
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sophos.exe
      4⤵
      PID:1864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sophos_av.exe
      4⤵
      PID:3492
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sophosav.exe
      4⤵
      PID:1456
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spf.exe
      4⤵
      PID:3444
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sphinx.exe
      4⤵
      PID:3116
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spy.exe
      4⤵
      PID:3112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spygate.exe
      4⤵
      PID:1568
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spyx.exe
      4⤵
      Kills process with taskkill
      PID:404
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spyxx.exe
      4⤵
      PID:2064
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im srwatch.exe
      4⤵
      PID:4492
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ss3edit.exe
      4⤵
      PID:3228
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im st2.exe
      4⤵
      PID:820
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im supftrl.exe
      4⤵
      PID:4504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im supp95.exe
      4⤵
      PID:2208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im supporter5.exe
      4⤵
      PID:4560
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sweep95.exe
      4⤵
      PID:644
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sweepnet.exe
      4⤵
      PID:312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sweepsrv.sys.exe
      4⤵
      PID:2480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sweepsrv.sysvshwin32.exe
      4⤵
      PID:1572
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im swnetsup.exe
      4⤵
      PID:2264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im symantec.exe
      4⤵
      PID:4480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Symantec Core LC.exe
      4⤵
      PID:4100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im symlcsvc.exe
      4⤵
      PID:3132
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im symproxysvc.exe
      4⤵
      PID:1480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im symtray.exe
      4⤵
      Kills process with taskkill
      PID:4880
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sysedit.exe
      4⤵
      PID:540
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im taskmon.exe
      4⤵
      PID:764
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im taumon.exe
      4⤵
      PID:2236
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tauscan.exe
      4⤵
      PID:3344
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tbscan.exe
      4⤵
      PID:5004
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tcm.exe
      4⤵
      PID:3404
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tctca.exe
      4⤵
      PID:3640
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tds -3.exe
      4⤵
      Kills process with taskkill
      PID:2424
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tds2 -98.exe
      4⤵
      PID:4768
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tds2 -nt.exe
      4⤵
      PID:2292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tfak.exe
      4⤵
      PID:3924
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tfak5.exe
      4⤵
      PID:1600
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tgbob.exe
      4⤵
      PID:1656
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im trendmicro.exe
      4⤵
      PID:3092
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im trjscan.exe
      4⤵
      Kills process with taskkill
      PID:3172
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im trojantrap3.exe
      4⤵
      PID:4676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im TrueVector.exe
      4⤵
      PID:4712
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im undoboot.exe
      4⤵
      PID:4476
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im update.exe
      4⤵
      PID:3580
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vbcmserv.exe
      4⤵
      PID:3188
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vbcons.exe
      4⤵
      PID:4992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vbust.exe
      4⤵
      PID:1756
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vbwin9x.exe
      4⤵
      PID:2788
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vbwinntw.exe
      4⤵
      PID:4844
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vccmserv.exe
      4⤵
      PID:3800
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vcontrol.exe
      4⤵
      PID:1064
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vet32.exe
      4⤵
      PID:996
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vet95.exe
      4⤵
      PID:1700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vettray.exe
      4⤵
      PID:4556
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vir -help.exe
      4⤵
      PID:5036
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im virus.exe
      4⤵
      PID:5016
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im virusmdpersonalfirewall.exe
      4⤵
      PID:1752
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vnlan300.exe
      4⤵
      Kills process with taskkill
      PID:1940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vnpc3000.exe
      4⤵
      PID:4652
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vpc32.exe
      4⤵
      PID:2864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vpfw30s.exe
      4⤵
      PID:3868
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vptray.exe
      4⤵
      PID:1484
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vscan40.exe
      4⤵
      PID:2876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vsched.exe
      4⤵
      PID:4256
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vsecomr.exe
      4⤵
      PID:4236
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vshwin32.exe
      4⤵
      Kills process with taskkill
      PID:4800
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vshwin32vbcmserv.exe
      4⤵
      PID:4076
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vsmain.exe
      4⤵
      PID:2952
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vsmon.exe
      4⤵
      PID:3460
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vsstat.exe
      4⤵
      PID:4232
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vswin9xe.exe
      4⤵
      PID:2240
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vswinntse.exe
      4⤵
      PID:808
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im w9x.exe
      4⤵
      PID:4192
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im watchdog.exe
      4⤵
      PID:2680
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im webscanx.exe
      4⤵
      PID:4052
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im webtrap.exe
      4⤵
      PID:1896
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im wfindv32.exe
      4⤵
      PID:4460
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im wgfe95.exe
      4⤵
      PID:5048
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im whoswatchingme.exe
      4⤵
      PID:5008
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im wimmun32.exe
      4⤵
      PID:1852
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im winrecon.exe
      4⤵
      PID:3660
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im winroute.exe
      4⤵
      Kills process with taskkill
      PID:3824
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im winsfcm.exe
      4⤵
      PID:5084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im wnt.exe
      4⤵
      PID:2420
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im wqkmm3878.exe
      4⤵
      PID:2904
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im wradmin.exe
      4⤵
      PID:1868
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im wrctrl.exe
      4⤵
      PID:2352
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im wsbgate.exe
      4⤵
      PID:4720
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im wyvernworksfirewall.exe
      4⤵
      PID:4056
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zapro.exe
      4⤵
      PID:1496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zatutor.exe
      4⤵
      PID:4592
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zauinst.exe
      4⤵
      PID:1676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zonealarm.exe
      4⤵
      Kills process with taskkill
      PID:1848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32krn.exe
      4⤵
      PID:2344
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32.exe
      4⤵
      PID:4380
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kav.exe
      4⤵
      PID:4300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kavmm.exe
      4⤵
      PID:4716
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgemc.exe
      4⤵
      PID:3764
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgcc.exe
      4⤵
      PID:8
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgamsvr.exe
      4⤵
      PID:3172
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgupsvc.exe
      4⤵
      PID:4676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgw.exe
      4⤵
      PID:4712
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashwebsv.exe
      4⤵
      PID:4476
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashdisp.exe
      4⤵
      PID:3980
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashmaisv.exe
      4⤵
      PID:4852
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashserv.exe
      4⤵
      Kills process with taskkill
      PID:4580
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashwebsv.exe
      4⤵
      PID:1784
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im aswupdsv.exe
      4⤵
      PID:3876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ewidoctrl.exe
      4⤵
      PID:5024
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guard.exe
      4⤵
      PID:3800
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gcasdtserv.exe
      4⤵
      PID:1064
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im msmpeng.exe
      4⤵
      PID:3684
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcafee.exe
      4⤵
      PID:4940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghml.exe
      4⤵
      PID:4872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im msiexec.exe
      4⤵
      PID:5036
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im outpost.exe
      4⤵
      PID:5016
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im isafe.exe
      4⤵
      PID:3704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im minilog.exe
      4⤵
      PID:2484
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zonealarm.exe
      4⤵
      PID:4628
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zlclient.exe
      4⤵
      PID:3828
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im updclient.exe
      4⤵
      PID:4204
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccapp.exe
      4⤵
      PID:884
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navw32.exe
      4⤵
      PID:220
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norton.exe
      4⤵
      PID:552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navapsvc.exe
      4⤵
      PID:3928
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccsetmgr.exe
      4⤵
      PID:1264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cccproxy.exe
      4⤵
      PID:3604
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccapp.exe
      4⤵
      PID:4260
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccevtmgr.exe
      4⤵
      PID:3308
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfmntor.exe
      4⤵
      PID:3272
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im logexprt.exe
      4⤵
      PID:1256
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisum.exe
      4⤵
      PID:4560
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im issvc.exe
      4⤵
      Kills process with taskkill
      PID:644
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpdclnt.exe
      4⤵
      Kills process with taskkill
      PID:3368
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavprsrv.exe
      4⤵
      PID:2480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavprot.exe
      4⤵
      PID:4208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avengine.exe
      4⤵
      PID:2264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apvxdwin.exe
      4⤵
      Kills process with taskkill
      PID:4896
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im webproxy.exe
      4⤵
      PID:2700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avguard.exe
      4⤵
      PID:3436
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgnt.exe
      4⤵
      PID:4820
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im shed.exe
      4⤵
      PID:1508
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsched32.exe
      4⤵
      PID:4552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sccomm.exe
      4⤵
      PID:2904
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spiderml.exe
      4⤵
      PID:1868
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sgmain.exe
      4⤵
      PID:1308
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spywareguard.exe
      4⤵
      PID:2888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kpf4gui.exe
      4⤵
      PID:4372
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kpf4ss.exe
      4⤵
      Kills process with taskkill
      PID:1276
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcdash.exe
      4⤵
      Kills process with taskkill
      PID:2520
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcdetect.exe
      4⤵
      PID:2292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcregwiz.exe
      4⤵
      PID:3084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcinfo.exe
      4⤵
      PID:3552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghtml.exe
      4⤵
      PID:4488
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im oasclnt.exe
      4⤵
      PID:3472
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfagent.exe
      4⤵
      PID:4544
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfconsole.exe
      4⤵
      PID:1012
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfservice.exe
      4⤵
      PID:3268
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpftray.exe
      4⤵
      PID:3504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfwizard.exe
      4⤵
      PID:1500
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mvtx.exe
      4⤵
      PID:3964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im _avp32.exe
      4⤵
      PID:4412
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im _avpcc.exe
      4⤵
      PID:4564
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im _avpm.exe
      4⤵
      PID:4444
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ackwin32.exe
      4⤵
      Kills process with taskkill
      PID:5012
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im advxdwin.exe
      4⤵
      PID:3752
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im agentsvr.exe
      4⤵
      PID:4440
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im agv.exe
      4⤵
      PID:3468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ahnsd.exe
      4⤵
      PID:1820
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im alertsvc.exe
      4⤵
      PID:1640
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im alogserv.exe
      4⤵
      Kills process with taskkill
      PID:4108
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im amon.exe
      4⤵
      Kills process with taskkill
      PID:4288
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im amon9x.exe
      4⤵
      PID:4556
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im amonavp32.exe
      4⤵
      PID:2040
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im anti -trojan.exe
      4⤵
      PID:4524
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im antivir.exe
      4⤵
      PID:2644
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im antivirus.exe
      4⤵
      PID:4280
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ants.exe
      4⤵
      PID:3704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im antssircam.exe
      4⤵
      PID:1624
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apimonitor.exe
      4⤵
      PID:2864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im aplica32.exe
      4⤵
      PID:4944
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apvxdwin.exe
      4⤵
      PID:1824
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atcon.exe
      4⤵
      Kills process with taskkill
      PID:4172
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atguard.exe
      4⤵
      PID:2008
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ats.exe
      4⤵
      Kills process with taskkill
      PID:4928
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atscan.exe
      4⤵
      PID:4596
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atupdater.exe
      4⤵
      PID:4236
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atwatch.exe
      4⤵
      PID:552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im autodown.exe
      4⤵
      PID:2300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im autotrace.exe
      4⤵
      PID:4040
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im autoupdate.exe
      4⤵
      PID:3148
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avconsol.exe
      4⤵
      Kills process with taskkill
      PID:4604
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ave32.exe
      4⤵
      PID:4260
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgcc32.exe
      4⤵
      Kills process with taskkill
      PID:3308
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgctrl.exe
      4⤵
      PID:3272
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgserv.exe
      4⤵
      PID:1256
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgserv9.exe
      4⤵
      PID:4560
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgserv9schedapp.exe
      4⤵
      PID:644
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgw.exe
      4⤵
      PID:3368
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkpop.exe
      4⤵
      PID:1572
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkserv.exe
      4⤵
      PID:520
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkservice.exe
      4⤵
      PID:2816
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkwcl9.exe
      4⤵
      PID:400
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkwctl9.exe
      4⤵
      PID:3816
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avnt.exe
      4⤵
      PID:3452
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avp.exe
      4⤵
      PID:1424
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avp32.exe
      4⤵
      PID:3780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpcc.exe
      4⤵
      PID:3532
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im AVPCC Service.exe
      4⤵
      PID:4516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpccavpm.exe
      4⤵
      PID:1872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpdos32.exe
      4⤵
      PID:872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpexec.exe
      4⤵
      PID:2108
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpinst.exe
      4⤵
      Kills process with taskkill
      PID:4372
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpm.exe
      4⤵
      PID:1276
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpmonitor.exe
      4⤵
      PID:2520
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avptc.exe
      4⤵
      PID:2292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avptc32.exe
      4⤵
      PID:3084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpupd.exe
      4⤵
      PID:3552
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpupdates.exe
      4⤵
      PID:4488
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avrescue.exe
      4⤵
      PID:3472
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsched32.exe
      4⤵
      PID:4544
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsynmgr.exe
      4⤵
      PID:1012
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avwin95.exe
      4⤵
      Kills process with taskkill
      PID:3268
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avwinnt.exe
      4⤵
      Kills process with taskkill
      PID:3504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avwupd32.exe
      4⤵
      PID:1500
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxgui.exe
      4⤵
      PID:3964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxinit.exe
      4⤵
      PID:4412
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxlive.exe
      4⤵
      PID:4564
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxmonitor9x.exe
      4⤵
      PID:4444
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxmonitornt.exe
      4⤵
      PID:5012
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxnews.exe
      4⤵
      Kills process with taskkill
      PID:3752
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxquar.exe
      4⤵
      PID:4440
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxsch.exe
      4⤵
      PID:3468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxw.exe
      4⤵
      PID:1820
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im BACKLOG.exe
      4⤵
      Kills process with taskkill
      PID:1640
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bd_professional.exe
      4⤵
      PID:4108
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bidef.exe
      4⤵
      PID:4288
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bidserver.exe
      4⤵
      PID:4556
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bipcp.exe
      4⤵
      PID:2040
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bisp.exe
      4⤵
      PID:1772
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im blackd.exe
      4⤵
      PID:1940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im blackice.exe
      4⤵
      PID:1532
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im blackiceblackd.exe
      4⤵
      PID:4876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im BootWarn.exe
      4⤵
      PID:1456
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im borg2.exe
      4⤵
      Kills process with taskkill
      PID:3868
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bs120.exe
      4⤵
      PID:1484
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bullguard.exe
      4⤵
      PID:3112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccApp.exe
      4⤵
      PID:884
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccevtmgr.exe
      4⤵
      PID:2128
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccIMScan.exe
      4⤵
      PID:1800
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccPwdSrc.exe
      4⤵
      PID:404
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccpxysvc.exe
      4⤵
      PID:3708
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccSetMgr.exe
      4⤵
      PID:228
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cdp.exe
      4⤵
      PID:780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfiadmin.exe
      4⤵
      PID:1608
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfiaudit.exe
      4⤵
      Kills process with taskkill
      PID:3460
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfinet.exe
      4⤵
      PID:3524
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfinet32.exe
      4⤵
      PID:4504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im claw95.exe
      4⤵
      PID:1148
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im claw95cf.exe
      4⤵
      PID:1876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im clean.exe
      4⤵
      PID:1528
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cleaner.exe
      4⤵
      PID:640
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cleaner3.exe
      4⤵
      PID:3136
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cleanpc.exe
      4⤵
      PID:4004
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cmgrdian.exe
      4⤵
      PID:3456
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cmon016.exe
      4⤵
      PID:2084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im codered.exe
      4⤵
      PID:4324
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im connectionmonitor.exe
      4⤵
      PID:2728
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im conseal.exe
      4⤵
      PID:1852
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpd.exe
      4⤵
      PID:3660
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpf9x206.exe
      4⤵
      PID:484
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ctrl.exe
      4⤵
      PID:4036
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defalert.exe
      4⤵
      Kills process with taskkill
      PID:3104
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defence.exe
      4⤵
      PID:3776
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defense.exe
      4⤵
      PID:4776
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defscangui.exe
      4⤵
      PID:3412
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defwatch.exe
      4⤵
      PID:5032
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im deputy.exe
      4⤵
      PID:4768
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im doors.exe
      4⤵
      PID:3576
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im dpf.exe
      4⤵
      PID:1972
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im drwatson.exe
      4⤵
      PID:4380
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im drweb32.exe
      4⤵
      PID:4300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im dvp95.exe
      4⤵
      PID:3092
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im dvp95_0.exe
      4⤵
      PID:3592
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ecengine.exe
      4⤵
      PID:1356
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im edisk.exe
      4⤵
      PID:916
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im efpeadm.exe
      4⤵
      PID:2408
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im esafe.exe
      4⤵
      PID:1412
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im escanh95.exe
      4⤵
      PID:3408
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im escanhnt.exe
      4⤵
      PID:4384
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im escanv95.exe
      4⤵
      PID:4860
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im espwatch.exe
      4⤵
      PID:4536
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im etrustcipe.exe
      4⤵
      PID:1216
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im evpn.exe
      4⤵
      PID:1928
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im exantivirus -cnet.exe
      4⤵
      PID:4836
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fameh32.exe
      4⤵
      PID:4572
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fast.exe
      4⤵
      PID:2668
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fch32.exe
      4⤵
      PID:3128
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fih32.exe
      4⤵
      PID:4964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im findviru.exe
      4⤵
      PID:1312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im firewall.exe
      4⤵
      PID:3792
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fix-it.exe
      4⤵
      PID:4848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im flowprotector.exe
      4⤵
      PID:4972
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fnrb32.exe
      4⤵
      Kills process with taskkill
      PID:2708
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fp -win.exe
      4⤵
      PID:5112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fp -win_trial.exe
      4⤵
      PID:2620
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fprot.exe
      4⤵
      PID:1940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im frw.exe
      4⤵
      Kills process with taskkill
      PID:1532
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsaa.exe
      4⤵
      PID:4876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsav32.exe
      4⤵
      PID:1456
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsav95.exe
      4⤵
      PID:3868
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsave32.exe
      4⤵
      PID:1484
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsgk32.exe
      4⤵
      Kills process with taskkill
      PID:3112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsm32.exe
      4⤵
      PID:884
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsma32.exe
      4⤵
      PID:2128
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsmb32.exe
      4⤵
      PID:1800
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fwenc.exe
      4⤵
      PID:404
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gbmenu.exe
      4⤵
      PID:3708
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gbpoll.exe
      4⤵
      PID:228
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gedit.exe
      4⤵
      PID:780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im generics.exe
      4⤵
      PID:4688
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im grief3878.exe
      4⤵
      PID:4196
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guard.exe
      4⤵
      PID:4732
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guarddog.exe
      4⤵
      PID:3564
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im HackerEliminator.exe
      4⤵
      PID:4584
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iamapp.exe
      4⤵
      PID:700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iamserv.exe
      4⤵
      PID:2332
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iamstats.exe
      4⤵
      PID:5028
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ibmasn.exe
      4⤵
      PID:2588
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ibmavsp.exe
      4⤵
      PID:2340
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icload95.exe
      4⤵
      PID:1208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icloadnt.exe
      4⤵
      PID:5048
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icmon.exe
      4⤵
      PID:4168
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icsupp95.exe
      4⤵
      PID:1924
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icsuppnt.exe
      4⤵
      PID:3648
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iface.exe
      4⤵
      PID:4820
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ifw2000.exe
      4⤵
      PID:540
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im inoculateit.exe
      4⤵
      Kills process with taskkill
      PID:2404
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iomon98.exe
      4⤵
      PID:4516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iparmor.exe
      4⤵
      PID:4720
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iris.exe
      4⤵
      PID:1496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im isrv95.exe
      4⤵
      PID:2108
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im jammer.exe
      4⤵
      PID:1676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im jedi.exe
      4⤵
      PID:1444
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kavpf.exe
      4⤵
      PID:1600
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ldnetmon.exe
      4⤵
      PID:2292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ldpromenu.exe
      4⤵
      PID:3948
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ldscan.exe
      4⤵
      PID:4184
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im localnet.exe
      4⤵
      PID:488
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im lockdown.exe
      4⤵
      PID:3096
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im lookout.exe
      4⤵
      PID:2928
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im luall.exe
      4⤵
      PID:4064
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im lucomserver.exe
      4⤵
      PID:2692
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im luspt.exe
      4⤵
      PID:3032
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcafee.exe
      4⤵
      PID:4612
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcagent.exe
      4⤵
      PID:3980
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcmnhdlr.exe
      4⤵
      PID:2212
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcshield.exe
      4⤵
      PID:2688
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcshieldvvstat.exe
      4⤵
      PID:2920
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mctool.exe
      4⤵
      PID:3852
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcupdate.exe
      4⤵
      PID:5024
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcvsrte.exe
      4⤵
      PID:1992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcvsshld.exe
      4⤵
      PID:4736
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mgavrtcl.exe
      4⤵
      PID:2348
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mgavrte.exe
      4⤵
      PID:1820
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghtml.exe
      4⤵
      Kills process with taskkill
      PID:1640
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mgui.exe
      4⤵
      PID:3792
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im minilog.exe
      4⤵
      PID:4848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mon.exe
      4⤵
      PID:4972
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im monitor.exe
      4⤵
      PID:2708
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im monsys32.exe
      4⤵
      PID:2372
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im monsysnt.exe
      4⤵
      PID:3704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im moolive.exe
      4⤵
      PID:1624
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfservice.exe
      4⤵
      PID:1780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpftray.exe
      4⤵
      PID:1000
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mrflux.exe
      4⤵
      PID:3380
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im msinfo32.exe
      4⤵
      PID:1484
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mwatch.exe
      4⤵
      PID:3112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mxtask.exe
      4⤵
      PID:884
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im n32scanw.exe
      4⤵
      PID:2128
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nav.exe
      4⤵
      PID:1800
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im NAV DefAlert.exe
      4⤵
      PID:404
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nav32.exe
      4⤵
      Kills process with taskkill
      PID:3228
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navalert.exe
      4⤵
      PID:4040
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navap.exe
      4⤵
      PID:3616
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navapsvc.exe
      4⤵
      PID:1608
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im NAVAPW32.exe
      4⤵
      PID:4672
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navauto -protect.exe
      4⤵
      PID:1280
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navdx.exe
      4⤵
      PID:392
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navengnavex15.exe
      4⤵
      PID:2984
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navlu32.exe
      4⤵
      PID:3308
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navnt.exe
      4⤵
      PID:312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navrunr.exe
      4⤵
      PID:1256
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navstub.exe
      4⤵
      PID:3480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navw32.exe
      4⤵
      PID:3136
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Navwnt.exe
      4⤵
      PID:3368
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nc2000.exe
      4⤵
      PID:1572
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ndd32.exe
      4⤵
      PID:2084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im neomonitor.exe
      4⤵
      PID:4324
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im neowatchlog.exe
      4⤵
      PID:2728
- - C:\Av-Kill_.exe
    "C:\Av-Kill_.exe"
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Suspicious use of SetWindowsHookEx
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Kill1.exe
      "C:\Users\Admin\AppData\Local\Temp\Kill1.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Kill2.exe
      "C:\Users\Admin\AppData\Local\Temp\Kill2.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:2456

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\FirewallControlPanel.dll,ShowWarningDialog "C:\Av-Kill_.exe"
1⤵
- Modifies registry class
PID:4428

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Av-Kill_.exe

Filesize
76KB

MD5
47f5c8d6227a3a3beceba22b765248f1

SHA1
206ad171187d8750b1afa56617932513ec1c10a9

SHA256
a2acff0da6dfe284c9d72ddf1c0389d6c37a0957cc0380f606fcfa786b883df6

SHA512
958a1d774d5f9fa7368b9254e1c13f7862a871745785d5e7d0c667cdca6024147c09a9af640c4092c4294487b5d0d004e334c6e0a8cd280a0aeacdec12aa72ce

Download Submit
C:\Av-Kill_.exe

Filesize
76KB

MD5
47f5c8d6227a3a3beceba22b765248f1

SHA1
206ad171187d8750b1afa56617932513ec1c10a9

SHA256
a2acff0da6dfe284c9d72ddf1c0389d6c37a0957cc0380f606fcfa786b883df6

SHA512
958a1d774d5f9fa7368b9254e1c13f7862a871745785d5e7d0c667cdca6024147c09a9af640c4092c4294487b5d0d004e334c6e0a8cd280a0aeacdec12aa72ce

Download Submit
C:\Servo.exe

Filesize
198KB

MD5
0fd4c101d90e0530185f89a793379ade

SHA1
6b3b3257ec78391fa11db5ec13abc9d906de644a

SHA256
93b94ee46f3d302304363ef9c8543e54d8c624ca667c0f979f8ba31d02fdb6eb

SHA512
52c93568ad317b2c76a2d169a215e5dbeff7a796b1b1cb3702f78ed235b0f1f057709a1c5568ce8f5586fa676569d95f5e2366d33dd3f66dbdadf9ed4b3b3c4c

Download Submit
C:\Servo.exe

Filesize
198KB

MD5
0fd4c101d90e0530185f89a793379ade

SHA1
6b3b3257ec78391fa11db5ec13abc9d906de644a

SHA256
93b94ee46f3d302304363ef9c8543e54d8c624ca667c0f979f8ba31d02fdb6eb

SHA512
52c93568ad317b2c76a2d169a215e5dbeff7a796b1b1cb3702f78ed235b0f1f057709a1c5568ce8f5586fa676569d95f5e2366d33dd3f66dbdadf9ed4b3b3c4c

Download Submit
C:\Servo.exe

Filesize
198KB

MD5
0fd4c101d90e0530185f89a793379ade

SHA1
6b3b3257ec78391fa11db5ec13abc9d906de644a

SHA256
93b94ee46f3d302304363ef9c8543e54d8c624ca667c0f979f8ba31d02fdb6eb

SHA512
52c93568ad317b2c76a2d169a215e5dbeff7a796b1b1cb3702f78ed235b0f1f057709a1c5568ce8f5586fa676569d95f5e2366d33dd3f66dbdadf9ed4b3b3c4c

Download Submit
C:\Super_Kill.bat

Filesize
85KB

MD5
60e3467920f4c89f515c2f2b86653139

SHA1
0f2b17ecb71b2c69302b757db86426c7cc1aa597

SHA256
32b63b45f2bffcafe822485019e0610fc189740c8791b8ee5b19da30d6807d63

SHA512
46eed8c23398805bbd67282fe2404c960cb6117d667646a35be3ce3e3ad81789670b1a541c4814bc36c470e663c26d93baf77aaea68cb0a891c013e08452672d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kill1.exe

Filesize
32KB

MD5
89a6d01576dce0c344f78f980dd77d93

SHA1
cfaf3a9e081316f7c9bf8c3eb90ca18692d4483e

SHA256
49a7a2527a6da35b942995921ca257ffffd925e852176fc339e6fe46b12037d7

SHA512
3ccd745a820a1def59d03c3f9acd029ed6b956d32868017fed82e304183ee42f1adaa239326c18447b0bb09e11ddee09d97fc181c5cfd99689ed5526a214574b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kill1.exe

Filesize
32KB

MD5
89a6d01576dce0c344f78f980dd77d93

SHA1
cfaf3a9e081316f7c9bf8c3eb90ca18692d4483e

SHA256
49a7a2527a6da35b942995921ca257ffffd925e852176fc339e6fe46b12037d7

SHA512
3ccd745a820a1def59d03c3f9acd029ed6b956d32868017fed82e304183ee42f1adaa239326c18447b0bb09e11ddee09d97fc181c5cfd99689ed5526a214574b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kill2.exe

Filesize
32KB

MD5
89a6d01576dce0c344f78f980dd77d93

SHA1
cfaf3a9e081316f7c9bf8c3eb90ca18692d4483e

SHA256
49a7a2527a6da35b942995921ca257ffffd925e852176fc339e6fe46b12037d7

SHA512
3ccd745a820a1def59d03c3f9acd029ed6b956d32868017fed82e304183ee42f1adaa239326c18447b0bb09e11ddee09d97fc181c5cfd99689ed5526a214574b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kill2.exe

Filesize
32KB

MD5
89a6d01576dce0c344f78f980dd77d93

SHA1
cfaf3a9e081316f7c9bf8c3eb90ca18692d4483e

SHA256
49a7a2527a6da35b942995921ca257ffffd925e852176fc339e6fe46b12037d7

SHA512
3ccd745a820a1def59d03c3f9acd029ed6b956d32868017fed82e304183ee42f1adaa239326c18447b0bb09e11ddee09d97fc181c5cfd99689ed5526a214574b

Download Submit
C:\Users\Admin\AppData\Local\Temp\XX--XX--XX.txt

Filesize
137KB

MD5
b23f427100067b7025e8ed896030c8d8

SHA1
38a40d057e30e8a131aa700c65d4f89ec427de3f

SHA256
428ab282fd2997c4e1e6bba5b09a5b7982d2149b72f8d489a10d3f8bc61424c2

SHA512
f9fc5d6b5bcb50cf41b7d60c4c43363d8ae2a0155ba000237802edbef67086b1c3e4111f0dcdc01313b2fa02952862857c53e630f228bcb4e39bea3426837ada

Download Submit
C:\Windows\SysWOW64\install\server.exe

Filesize
198KB

MD5
0fd4c101d90e0530185f89a793379ade

SHA1
6b3b3257ec78391fa11db5ec13abc9d906de644a

SHA256
93b94ee46f3d302304363ef9c8543e54d8c624ca667c0f979f8ba31d02fdb6eb

SHA512
52c93568ad317b2c76a2d169a215e5dbeff7a796b1b1cb3702f78ed235b0f1f057709a1c5568ce8f5586fa676569d95f5e2366d33dd3f66dbdadf9ed4b3b3c4c

Download Submit
memory/1624-176-0x0000000024090000-0x00000000240CC000-memory.dmp

Filesize
240KB

Download
memory/1624-147-0x0000000024010000-0x000000002404C000-memory.dmp

Filesize
240KB

Download
memory/1624-182-0x00000000240D0000-0x000000002410C000-memory.dmp

Filesize
240KB

Download
memory/1624-163-0x0000000024050000-0x000000002408C000-memory.dmp

Filesize
240KB

Download
memory/4796-185-0x00000000240D0000-0x000000002410C000-memory.dmp

Filesize
240KB

Download
memory/4796-190-0x00000000240D0000-0x000000002410C000-memory.dmp

Filesize
240KB

Download
memory/4796-236-0x00000000240D0000-0x000000002410C000-memory.dmp

Filesize
240KB

Download
memory/4920-166-0x0000000024050000-0x000000002408C000-memory.dmp

Filesize
240KB

Download
memory/4920-170-0x0000000024050000-0x000000002408C000-memory.dmp

Filesize
240KB

Download