5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e

Analysis

max time kernel
190s
max time network
236s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e.exe
Size

13KB
MD5

d5c5f9a8736c119ed87dfc7661d0cc24
SHA1

790eac77fd7d51ac19c36a35afa89ae8492e9b16
SHA256

5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e
SHA512

7b0464eb27ea0277b776ad073cca8fed50c4d2b39d2d4fe7fc6f04c62af282f6fa1dbdbc6f9af5cbba0d68bc03b6fa4e9642f007508a15cae6ecd21544143426
SSDEEP

192:tfx1/biSj4MLsQ2BX13AakSvUkt7KeBDTdiPdP6lTDQc2nFaNJhLkwcud2DH9Vw9:tfxnT2BX1JNVjKVK2FaNJawcudoD7Ub

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4040	b2e.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/216-132-0x0000000000400000-0x0000000000417000-memory.dmp	upx
behavioral2/memory/216-136-0x0000000000400000-0x0000000000417000-memory.dmp	upx

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	b2e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Kills process with taskkill 64 IoCs

evasion

pid	Process
2632	taskkill.exe
3676	taskkill.exe
1480	taskkill.exe
3988	taskkill.exe
4700	taskkill.exe
2092	taskkill.exe
1312	taskkill.exe
632	taskkill.exe
372	taskkill.exe
2640	taskkill.exe
3508	taskkill.exe
5116	taskkill.exe
3512	taskkill.exe
2268	taskkill.exe
1964	taskkill.exe
3120	taskkill.exe
1300	taskkill.exe
3112	taskkill.exe
2584	taskkill.exe
3712	taskkill.exe
1768	taskkill.exe
1288	taskkill.exe
836	taskkill.exe
2164	taskkill.exe
2300	taskkill.exe
2592	taskkill.exe
3088	taskkill.exe
2584	taskkill.exe
4908	taskkill.exe
3240	taskkill.exe
1612	taskkill.exe
3920	taskkill.exe
3648	taskkill.exe
3980	taskkill.exe
1976	taskkill.exe
1168	taskkill.exe
1572	taskkill.exe
780	taskkill.exe
4496	taskkill.exe
516	taskkill.exe
2592	taskkill.exe
392	taskkill.exe
808	taskkill.exe
8	taskkill.exe
1060	taskkill.exe
1104	taskkill.exe
2772	taskkill.exe
4864	taskkill.exe
4268	taskkill.exe
5016	taskkill.exe
4408	taskkill.exe
3772	taskkill.exe
1156	taskkill.exe
3752	taskkill.exe
2132	taskkill.exe
968	taskkill.exe
1488	taskkill.exe
4304	taskkill.exe
3440	taskkill.exe
3176	taskkill.exe
4608	taskkill.exe
4004	taskkill.exe
2616	taskkill.exe
4200	taskkill.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2388	taskkill.exe
Token: SeDebugPrivilege	1416	taskkill.exe
Token: SeDebugPrivilege	4244	taskkill.exe
Token: SeDebugPrivilege	5100	taskkill.exe
Token: SeDebugPrivilege	1312	taskkill.exe
Token: SeDebugPrivilege	4316	taskkill.exe
Token: SeDebugPrivilege	1468	taskkill.exe
Token: SeDebugPrivilege	2708	taskkill.exe
Token: SeDebugPrivilege	3504	taskkill.exe
Token: SeDebugPrivilege	4752	taskkill.exe
Token: SeDebugPrivilege	1848	taskkill.exe
Token: SeDebugPrivilege	3988	taskkill.exe
Token: SeDebugPrivilege	1264	taskkill.exe
Token: SeDebugPrivilege	2584	taskkill.exe
Token: SeDebugPrivilege	1488	taskkill.exe
Token: SeDebugPrivilege	3924	taskkill.exe
Token: SeDebugPrivilege	2160	taskkill.exe
Token: SeDebugPrivilege	1768	taskkill.exe
Token: SeDebugPrivilege	736	taskkill.exe
Token: SeDebugPrivilege	2624	taskkill.exe
Token: SeDebugPrivilege	516	taskkill.exe
Token: SeDebugPrivilege	2848	taskkill.exe
Token: SeDebugPrivilege	1208	taskkill.exe
Token: SeDebugPrivilege	1300	taskkill.exe
Token: SeDebugPrivilege	5044	taskkill.exe
Token: SeDebugPrivilege	4700	taskkill.exe
Token: SeDebugPrivilege	3324	taskkill.exe
Token: SeDebugPrivilege	2496	taskkill.exe
Token: SeDebugPrivilege	3832	taskkill.exe
Token: SeDebugPrivilege	3212	taskkill.exe
Token: SeDebugPrivilege	4036	taskkill.exe
Token: SeDebugPrivilege	500	taskkill.exe
Token: SeDebugPrivilege	1240	taskkill.exe
Token: SeDebugPrivilege	3016	taskkill.exe
Token: SeDebugPrivilege	1168	taskkill.exe
Token: SeDebugPrivilege	1160	taskkill.exe
Token: SeDebugPrivilege	3848	taskkill.exe
Token: SeDebugPrivilege	4272	taskkill.exe
Token: SeDebugPrivilege	1920	taskkill.exe
Token: SeDebugPrivilege	3464	taskkill.exe
Token: SeDebugPrivilege	4496	taskkill.exe
Token: SeDebugPrivilege	3964	taskkill.exe
Token: SeDebugPrivilege	2072	taskkill.exe
Token: SeDebugPrivilege	1248	taskkill.exe
Token: SeDebugPrivilege	1612	taskkill.exe
Token: SeDebugPrivilege	3088	taskkill.exe
Token: SeDebugPrivilege	1616	taskkill.exe
Token: SeDebugPrivilege	688	taskkill.exe
Token: SeDebugPrivilege	4676	taskkill.exe
Token: SeDebugPrivilege	4320	taskkill.exe
Token: SeDebugPrivilege	2992	taskkill.exe
Token: SeDebugPrivilege	4696	taskkill.exe
Token: SeDebugPrivilege	3292	taskkill.exe
Token: SeDebugPrivilege	4600	taskkill.exe
Token: SeDebugPrivilege	664	taskkill.exe
Token: SeDebugPrivilege	2584	taskkill.exe
Token: SeDebugPrivilege	1488	taskkill.exe
Token: SeDebugPrivilege	3924	taskkill.exe
Token: SeDebugPrivilege	2160	taskkill.exe
Token: SeDebugPrivilege	1768	taskkill.exe
Token: SeDebugPrivilege	736	taskkill.exe
Token: SeDebugPrivilege	4120	taskkill.exe
Token: SeDebugPrivilege	4456	taskkill.exe
Token: SeDebugPrivilege	4768	taskkill.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 4040	216	5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e.exe	82
PID 216 wrote to memory of 4040	216	5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e.exe	82
PID 216 wrote to memory of 4040	216	5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e.exe	82
PID 4040 wrote to memory of 3636	4040	b2e.exe	83
PID 4040 wrote to memory of 3636	4040	b2e.exe	83
PID 4040 wrote to memory of 3636	4040	b2e.exe	83
PID 3636 wrote to memory of 2388	3636	cmd.exe	87
PID 3636 wrote to memory of 2388	3636	cmd.exe	87
PID 3636 wrote to memory of 2388	3636	cmd.exe	87
PID 3636 wrote to memory of 1416	3636	cmd.exe	89
PID 3636 wrote to memory of 1416	3636	cmd.exe	89
PID 3636 wrote to memory of 1416	3636	cmd.exe	89
PID 3636 wrote to memory of 4244	3636	cmd.exe	90
PID 3636 wrote to memory of 4244	3636	cmd.exe	90
PID 3636 wrote to memory of 4244	3636	cmd.exe	90
PID 3636 wrote to memory of 5100	3636	cmd.exe	91
PID 3636 wrote to memory of 5100	3636	cmd.exe	91
PID 3636 wrote to memory of 5100	3636	cmd.exe	91
PID 3636 wrote to memory of 1312	3636	cmd.exe	92
PID 3636 wrote to memory of 1312	3636	cmd.exe	92
PID 3636 wrote to memory of 1312	3636	cmd.exe	92
PID 3636 wrote to memory of 4316	3636	cmd.exe	93
PID 3636 wrote to memory of 4316	3636	cmd.exe	93
PID 3636 wrote to memory of 4316	3636	cmd.exe	93
PID 3636 wrote to memory of 1468	3636	cmd.exe	94
PID 3636 wrote to memory of 1468	3636	cmd.exe	94
PID 3636 wrote to memory of 1468	3636	cmd.exe	94
PID 3636 wrote to memory of 2708	3636	cmd.exe	95
PID 3636 wrote to memory of 2708	3636	cmd.exe	95
PID 3636 wrote to memory of 2708	3636	cmd.exe	95
PID 3636 wrote to memory of 3504	3636	cmd.exe	96
PID 3636 wrote to memory of 3504	3636	cmd.exe	96
PID 3636 wrote to memory of 3504	3636	cmd.exe	96
PID 3636 wrote to memory of 4752	3636	cmd.exe	97
PID 3636 wrote to memory of 4752	3636	cmd.exe	97
PID 3636 wrote to memory of 4752	3636	cmd.exe	97
PID 3636 wrote to memory of 1848	3636	cmd.exe	98
PID 3636 wrote to memory of 1848	3636	cmd.exe	98
PID 3636 wrote to memory of 1848	3636	cmd.exe	98
PID 3636 wrote to memory of 3988	3636	cmd.exe	99
PID 3636 wrote to memory of 3988	3636	cmd.exe	99
PID 3636 wrote to memory of 3988	3636	cmd.exe	99
PID 3636 wrote to memory of 1264	3636	cmd.exe	100
PID 3636 wrote to memory of 1264	3636	cmd.exe	100
PID 3636 wrote to memory of 1264	3636	cmd.exe	100
PID 3636 wrote to memory of 2584	3636	cmd.exe	101
PID 3636 wrote to memory of 2584	3636	cmd.exe	101
PID 3636 wrote to memory of 2584	3636	cmd.exe	101
PID 3636 wrote to memory of 1488	3636	cmd.exe	102
PID 3636 wrote to memory of 1488	3636	cmd.exe	102
PID 3636 wrote to memory of 1488	3636	cmd.exe	102
PID 3636 wrote to memory of 3924	3636	cmd.exe	103
PID 3636 wrote to memory of 3924	3636	cmd.exe	103
PID 3636 wrote to memory of 3924	3636	cmd.exe	103
PID 3636 wrote to memory of 2160	3636	cmd.exe	104
PID 3636 wrote to memory of 2160	3636	cmd.exe	104
PID 3636 wrote to memory of 2160	3636	cmd.exe	104
PID 3636 wrote to memory of 1768	3636	cmd.exe	105
PID 3636 wrote to memory of 1768	3636	cmd.exe	105
PID 3636 wrote to memory of 1768	3636	cmd.exe	105
PID 3636 wrote to memory of 736	3636	cmd.exe	106
PID 3636 wrote to memory of 736	3636	cmd.exe	106
PID 3636 wrote to memory of 736	3636	cmd.exe	106
PID 3636 wrote to memory of 2624	3636	cmd.exe	107

C:\Users\Admin\AppData\Local\Temp\5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e.exe
"C:\Users\Admin\AppData\Local\Temp\5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:216
- C:\Users\Admin\AppData\Local\Temp\C92C.tmp\b2e.exe
  "C:\Users\Admin\AppData\Local\Temp\C92C.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\C92C.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Users\Admin\AppData\Local\Temp\5247ccedc9744c5c25eb13c036b48cffadde1f804372fc60f43c4d1d4abb879e.exe"
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:4040
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\D1F6.tmp\batfile.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3636
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32krn.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2388
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1416
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32kui.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4244
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kav.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kavmm.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im KAVPF.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4316
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgemc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgcc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2708
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgamsvr.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgupsvc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4752
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgw.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashWebSv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3988
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashDisp.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashmaisv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2584
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashserv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1488
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im aswupdsv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3924
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ewidoctrl.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2160
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guard.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1768
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gcasDtServ.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:736
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im MsMpEng.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2624
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcafee.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghtml.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im MsiExec.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im outpost.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im isafe.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5044
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zapro.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zauinst.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3324
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im UpdClient.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zlcliente.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3832
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im minilog.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3212
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zonealarm.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4036
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zlclient.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:500
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccapp.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1240
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccsetmgr.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3016
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccevtmgr.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1168
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Norton Auto-Protect.exe
      4⤵
      PID:5056
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cccproxy.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1160
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navw32.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norton.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4272
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navapsvc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1920
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfmntor.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3464
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im logexprt.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisum.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im issvc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2072
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpdclnt.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1248
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccntupd.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1612
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im PCCTool.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3088
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tmproxy.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1616
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tmntsrv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:688
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pop3trap.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tsc.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4320
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im PavPrSrv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im padmin.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4696
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im PavProt.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pandaav.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4600
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avengine.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:664
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apvxdwin.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2584
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im webProxy.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1488
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avguard.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3924
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgnt.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2160
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sched.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1768
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsched32.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:736
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im SCCOMM.EXE
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4120
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Spiderml.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4456
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vsserv.exe
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4768
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bdswitch.exe
      4⤵
      PID:844
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bdss.exe
      4⤵
      PID:3764
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im INOTask.exe
      4⤵
      PID:2652
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im caissdt.exe
      4⤵
      PID:4772
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im InoRpc.exe
      4⤵
      PID:3160
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im VetMsg.exe
      4⤵
      PID:2460
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vettray.exe
      4⤵
      PID:4560
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im realmon.exe
      4⤵
      PID:4540
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32krn.exe
      4⤵
      PID:1288
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32.exe
      4⤵
      PID:3212
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32kui.exe
      4⤵
      PID:3208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kav.exe
      4⤵
      PID:5112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kavmm.exe
      4⤵
      PID:216
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im KAVPF.exe
      4⤵
      Kills process with taskkill
      PID:5116
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgemc.exe
      4⤵
      PID:2948
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgcc.exe
      4⤵
      PID:2628
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgamsvr.exe
      4⤵
      PID:2220
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgupsvc.exe
      4⤵
      PID:4208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgw.exe
      4⤵
      PID:3296
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashWebSv.exe
      4⤵
      PID:1572
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashDisp.exe
      4⤵
      PID:4748
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashmaisv.exe
      4⤵
      PID:3080
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashserv.exe
      4⤵
      PID:3392
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im aswupdsv.exe
      4⤵
      PID:5100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ewidoctrl.exe
      4⤵
      Kills process with taskkill
      PID:1312
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guard.exe
      4⤵
      PID:3220
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gcasDtServ.exe
      4⤵
      PID:1248
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im MsMpEng.exe
      4⤵
      PID:3980
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcafee.exe
      4⤵
      PID:1252
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghtml.exe
      4⤵
      Kills process with taskkill
      PID:5016
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im MsiExec.exe
      4⤵
      PID:4752
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im outpost.exe
      4⤵
      PID:3120
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im isafe.exe
      4⤵
      PID:1952
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zapro.exe
      4⤵
      PID:1976
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zauinst.exe
      4⤵
      PID:1840
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im UpdClient.exe
      4⤵
      PID:4820
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zlcliente.exe
      4⤵
      PID:1100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im minilog.exe
      4⤵
      PID:8
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zonealarm.exe
      4⤵
      Kills process with taskkill
      PID:2300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zlclient.exe
      4⤵
      PID:780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccapp.exe
      4⤵
      PID:2100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccsetmgr.exe
      4⤵
      PID:4632
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccevtmgr.exe
      4⤵
      PID:1036
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Norton Auto-Protect.exe
      4⤵
      PID:544
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cccproxy.exe
      4⤵
      PID:4432
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navw32.exe
      4⤵
      PID:2288
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norton.exe
      4⤵
      Kills process with taskkill
      PID:1060
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navapsvc.exe
      4⤵
      PID:4348
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfmntor.exe
      4⤵
      PID:1276
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im logexprt.exe
      4⤵
      PID:4360
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisum.exe
      4⤵
      PID:4548
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im issvc.exe
      4⤵
      PID:1972
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpdclnt.exe
      4⤵
      Kills process with taskkill
      PID:632
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccntupd.exe
      4⤵
      PID:3992
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im PCCTool.exe
      4⤵
      PID:3324
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tmproxy.exe
      4⤵
      PID:4112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tmntsrv.exe
      4⤵
      PID:1576
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pop3trap.exe
      4⤵
      PID:4020
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im tsc.exe
      4⤵
      PID:4024
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im PavPrSrv.exe
      4⤵
      PID:4620
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im padmin.exe
      4⤵
      PID:3004
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im PavProt.exe
      4⤵
      PID:2732
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pandaav.exe
      4⤵
      PID:3300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avengine.exe
      4⤵
      Kills process with taskkill
      PID:1168
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apvxdwin.exe
      4⤵
      PID:4656
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im webProxy.exe
      4⤵
      PID:3996
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avguard.exe
      4⤵
      PID:4216
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgnt.exe
      4⤵
      PID:1528
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sched.exe
      4⤵
      PID:4200
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsched32.exe
      4⤵
      PID:4132
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im SCCOMM.EXE
      4⤵
      PID:3464
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Spiderml.exe
      4⤵
      PID:4976
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vsserv.exe
      4⤵
      PID:3796
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bdswitch.exe
      4⤵
      PID:1156
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bdss.exe
      4⤵
      PID:4224
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im INOTask.exe
      4⤵
      PID:1468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im caissdt.exe
      4⤵
      Kills process with taskkill
      PID:4408
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im InoRpc.exe
      4⤵
      PID:4692
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im VetMsg.exe
      4⤵
      PID:2956
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im vettray.exe
      4⤵
      PID:5032
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im realmon.exe
      4⤵
      PID:4468
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM AVGUARD.exe
      4⤵
      PID:2408
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM AVGCtrl.exe
      4⤵
      Kills process with taskkill
      PID:3772
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM CSS_1630.exe
      4⤵
      Kills process with taskkill
      PID:372
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM CSS-AVS.exe
      4⤵
      PID:2644
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM ashdisp.exe
      4⤵
      PID:3888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM ashmaisv.exe
      4⤵
      PID:1096
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM ashserv.exe
      4⤵
      PID:4652
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM ashwebsv.exe
      4⤵
      PID:3988
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM aswupdsv.exe
      4⤵
      Kills process with taskkill
      PID:2640
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM AVGCC.exe
      4⤵
      PID:2772
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM AVGCC32.exe
      4⤵
      PID:620
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM AVGEmc.exe
      4⤵
      Kills process with taskkill
      PID:3112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM AVGServ.exe
      4⤵
      PID:1784
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM AVGServ9.exe
      4⤵
      PID:1768
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM Avgw.exe
      4⤵
      PID:2200
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM vsserv.exe
      4⤵
      PID:2152
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM ewidoguard.exe
      4⤵
      Kills process with taskkill
      PID:3512
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM ewidoctrl.exe
      4⤵
      PID:2304
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM kav.exe
      4⤵
      PID:2164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM kavsvc.exe
      4⤵
      PID:3040
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM MPFAgent.exe
      4⤵
      PID:2496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM MPFTray.exe
      4⤵
      PID:2856
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM Mscifapp.exe
      4⤵
      PID:4756
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM MSKSrvr.exe
      4⤵
      PID:3212
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM NOD32Krn.exe
      4⤵
      PID:3208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM NOD32Kui.exe
      4⤵
      PID:5112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM PavPrS9x.exe
      4⤵
      PID:216
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM NPFMntor.exe
      4⤵
      PID:5084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM Nprotect.exe
      4⤵
      PID:5056
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM Nsched32.exe
      4⤵
      PID:4532
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM SymWSC.exe
      4⤵
      PID:1920
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM SpywareStrike.exe /IM SpywareStrike.exe
      4⤵
      PID:1824
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM ccProxy.exe /IM ccSetMgr.exe /IM SNDSrvc.exe /IM SPBBCSvc.exe /IM ccEvtMgr.exe /IM ccApp.exe /IM NMAIN.EXE /IM SBServ.exe /IM NOPDB.EXE
      4⤵
      PID:3964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM symlcsvc.exe
      4⤵
      PID:1792
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM SymWSC.exe /IM UsrPrmpt.exe
      4⤵
      PID:2004
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM zlclient.exe /IM zonealarm.exe
      4⤵
      PID:4692
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM ewidoctrl.exe
      4⤵
      PID:4752
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM navapsvc.exe /IM NPFMntor.exe /IM navapw32.exe /IM SAVScan.exe
      4⤵
      PID:3120
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM WRSSSDK.exe /IM SpySweeper.exe
      4⤵
      PID:1952
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM GBPoll.exe /IM navapsvc.exe /IM NPFMntor.exe /IM NPROTECT.EXE /IM NOPDB.EXE /IM GBTray.exe /IM NPFMntor.exe /IM GhostTray.exe /IM PQV2iSvc.exe
      4⤵
      Kills process with taskkill
      PID:4004
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM kavsvc.exe /IM kav.exe
      4⤵
      PID:1976
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM mcdetect.exe /IM mctskshd.exe /IM mcregwiz.exe /IM mcagent.exe
      4⤵
      PID:1840
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM Pavsrv51.exe /IM AVENGINE.EXE /IM apvxdwin.exe /IM pavProxy.exe
      4⤵
      PID:4820
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM AVGUARD.EXE /IM AVWUPSRV.EXE /IM AVGNT.EXE /IM AVSched32.EXE
      4⤵
      PID:1100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM avgcc.exe /IM avgamsvr.exe /IM avgupsvc.exe
      4⤵
      PID:2296
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM Pagent.exe /IM pagentwd.exe /IM pavsched.exe
      4⤵
      PID:1820
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM DefWatch.exe /IM Rtvscan.exe
      4⤵
      Kills process with taskkill
      PID:2584
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /IM avgamsvr.exe /IM avgupsvc.exe
      4⤵
      PID:4264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32krn.exe
      4⤵
      PID:3148
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32.exe
      4⤵
      PID:4908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kav.exe
      4⤵
      PID:2588
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kavmm.exe
      4⤵
      PID:4688
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgemc.exe
      4⤵
      Kills process with taskkill
      PID:2616
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgcc.exe
      4⤵
      PID:1060
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgamsvr.exe
      4⤵
      Kills process with taskkill
      PID:3648
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgupsvc.exe
      4⤵
      PID:3512
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgw.exe
      4⤵
      PID:2304
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashwebsv.exe
      4⤵
      PID:4100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashdisp.exe
      4⤵
      PID:64
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashmaisv.exe
      4⤵
      PID:3116
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashserv.exe
      4⤵
      PID:2260
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ashwebsv.exe
      4⤵
      PID:3240
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im aswupdsv.exe
      4⤵
      PID:1912
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ewidoctrl.exe
      4⤵
      PID:3040
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guard.exe
      4⤵
      Kills process with taskkill
      PID:4268
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gcasdtserv.exe
      4⤵
      Kills process with taskkill
      PID:2092
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im msmpeng.exe
      4⤵
      PID:4892
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcafee.exe
      4⤵
      PID:3548
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghml.exe
      4⤵
      PID:4620
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im msiexec.exe
      4⤵
      PID:1360
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im outpost.exe
      4⤵
      PID:5112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im isafe.exe
      4⤵
      PID:216
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im minilog.exe
      4⤵
      PID:2884
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zonealarm.exe
      4⤵
      PID:2148
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im zlclient.exe
      4⤵
      PID:4532
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im updclient.exe
      4⤵
      PID:2268
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccapp.exe
      4⤵
      PID:3900
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navw32.exe
      4⤵
      PID:984
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norton.exe
      4⤵
      PID:3080
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navapsvc.exe
      4⤵
      PID:220
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccsetmgr.exe
      4⤵
      PID:3932
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cccproxy.exe
      4⤵
      PID:4664
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccapp.exe
      4⤵
      PID:3172
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccevtmgr.exe
      4⤵
      PID:1624
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfmntor.exe
      4⤵
      PID:2708
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im logexprt.exe
      4⤵
      PID:1780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisum.exe
      4⤵
      Kills process with taskkill
      PID:3980
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im issvc.exe
      4⤵
      PID:3952
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpdclnt.exe
      4⤵
      PID:1260
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavprsrv.exe
      4⤵
      Kills process with taskkill
      PID:4200
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavprot.exe
      4⤵
      PID:4408
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avengine.exe
      4⤵
      PID:1656
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apvxdwin.exe
      4⤵
      PID:2716
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im webproxy.exe
      4⤵
      PID:4660
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avguard.exe
      4⤵
      PID:1432
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgnt.exe
      4⤵
      PID:1320
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im shed.exe
      4⤵
      PID:4604
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsched32.exe
      4⤵
      PID:372
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sccomm.exe
      4⤵
      PID:4712
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spiderml.exe
      4⤵
      PID:4680
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sgmain.exe
      4⤵
      Kills process with taskkill
      PID:2632
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im spywareguard.exe
      4⤵
      PID:664
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kpf4gui.exe
      4⤵
      PID:1908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kpf4ss.exe
      4⤵
      PID:1668
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcdash.exe
      4⤵
      Kills process with taskkill
      PID:3712
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcdetect.exe
      4⤵
      PID:3652
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcregwiz.exe
      4⤵
      Kills process with taskkill
      PID:2592
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcinfo.exe
      4⤵
      PID:4432
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghtml.exe
      4⤵
      PID:1768
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im oasclnt.exe
      4⤵
      PID:2200
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfagent.exe
      4⤵
      Kills process with taskkill
      PID:516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfconsole.exe
      4⤵
      PID:4916
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfservice.exe
      4⤵
      PID:2156
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpftray.exe
      4⤵
      PID:4304
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfwizard.exe
      4⤵
      PID:5004
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mvtx.exe
      4⤵
      PID:456
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im _avp32.exe
      4⤵
      Kills process with taskkill
      PID:4608
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im _avpcc.exe
      4⤵
      PID:4612
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im _avpm.exe
      4⤵
      PID:2164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ackwin32.exe
      4⤵
      PID:632
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im advxdwin.exe
      4⤵
      PID:3832
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im agentsvr.exe
      4⤵
      PID:4540
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im agv.exe
      4⤵
      PID:1288
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ahnsd.exe
      4⤵
      PID:4024
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im alertsvc.exe
      4⤵
      PID:224
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im alogserv.exe
      4⤵
      PID:4996
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im amon.exe
      4⤵
      PID:4596
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im amon9x.exe
      4⤵
      PID:1240
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im amonavp32.exe
      4⤵
      PID:1168
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im anti -trojan.exe
      4⤵
      PID:4656
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im antivir.exe
      4⤵
      PID:4288
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im antivirus.exe
      4⤵
      PID:1832
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ants.exe
      4⤵
      PID:3484
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im antssircam.exe
      4⤵
      PID:2700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apimonitor.exe
      4⤵
      PID:4496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im aplica32.exe
      4⤵
      PID:3084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im apvxdwin.exe
      4⤵
      PID:1164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atcon.exe
      4⤵
      PID:3800
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atguard.exe
      4⤵
      PID:1888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ats.exe
      4⤵
      PID:2216
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atscan.exe
      4⤵
      PID:4316
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atupdater.exe
      4⤵
      Kills process with taskkill
      PID:1104
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im atwatch.exe
      4⤵
      PID:1296
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im autodown.exe
      4⤵
      PID:4772
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im autotrace.exe
      4⤵
      PID:3848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im autoupdate.exe
      4⤵
      PID:4520
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avconsol.exe
      4⤵
      Kills process with taskkill
      PID:3088
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ave32.exe
      4⤵
      PID:3236
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgcc32.exe
      4⤵
      PID:1152
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgctrl.exe
      4⤵
      PID:3568
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgserv.exe
      4⤵
      PID:4676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgserv9.exe
      4⤵
      PID:3388
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgserv9schedapp.exe
      4⤵
      PID:3632
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avgw.exe
      4⤵
      PID:2896
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkpop.exe
      4⤵
      Kills process with taskkill
      PID:1976
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkserv.exe
      4⤵
      PID:1840
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkservice.exe
      4⤵
      PID:4820
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkwcl9.exe
      4⤵
      PID:1100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avkwctl9.exe
      4⤵
      PID:2296
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avnt.exe
      4⤵
      PID:1820
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avp.exe
      4⤵
      Kills process with taskkill
      PID:2584
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avp32.exe
      4⤵
      PID:4264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpcc.exe
      4⤵
      PID:3148
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im AVPCC Service.exe
      4⤵
      Kills process with taskkill
      PID:4908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpccavpm.exe
      4⤵
      Kills process with taskkill
      PID:2592
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpdos32.exe
      4⤵
      PID:4432
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpexec.exe
      4⤵
      Kills process with taskkill
      PID:1768
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpinst.exe
      4⤵
      PID:2200
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpm.exe
      4⤵
      PID:516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpmonitor.exe
      4⤵
      PID:1092
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avptc.exe
      4⤵
      PID:1440
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avptc32.exe
      4⤵
      PID:4100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpupd.exe
      4⤵
      PID:1140
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avpupdates.exe
      4⤵
      PID:4344
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avrescue.exe
      4⤵
      PID:3164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsched32.exe
      4⤵
      Kills process with taskkill
      PID:1288
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avsynmgr.exe
      4⤵
      PID:224
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avwin95.exe
      4⤵
      PID:2732
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avwinnt.exe
      4⤵
      PID:1000
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avwupd32.exe
      4⤵
      PID:1620
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxgui.exe
      4⤵
      PID:2884
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxinit.exe
      4⤵
      PID:2148
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxlive.exe
      4⤵
      PID:4532
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxmonitor9x.exe
      4⤵
      Kills process with taskkill
      PID:2268
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxmonitornt.exe
      4⤵
      PID:3900
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxnews.exe
      4⤵
      PID:3464
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxquar.exe
      4⤵
      PID:908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxsch.exe
      4⤵
      PID:4472
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im avxw.exe
      4⤵
      Kills process with taskkill
      PID:836
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im BACKLOG.exe
      4⤵
      Kills process with taskkill
      PID:1156
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bd_professional.exe
      4⤵
      Kills process with taskkill
      PID:3676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bidef.exe
      4⤵
      PID:1248
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bidserver.exe
      4⤵
      PID:2376
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bipcp.exe
      4⤵
      PID:2132
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bisp.exe
      4⤵
      PID:4208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im blackd.exe
      4⤵
      PID:2928
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im blackice.exe
      4⤵
      PID:2360
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im blackiceblackd.exe
      4⤵
      PID:4968
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im BootWarn.exe
      4⤵
      PID:4956
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im borg2.exe
      4⤵
      PID:4692
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bs120.exe
      4⤵
      PID:3500
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im bullguard.exe
      4⤵
      PID:4752
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccApp.exe
      4⤵
      PID:3120
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccevtmgr.exe
      4⤵
      PID:1952
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccIMScan.exe
      4⤵
      Kills process with taskkill
      PID:1480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccPwdSrc.exe
      4⤵
      PID:3292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccpxysvc.exe
      4⤵
      PID:1096
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ccSetMgr.exe
      4⤵
      PID:4652
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cdp.exe
      4⤵
      Kills process with taskkill
      PID:3988
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfiadmin.exe
      4⤵
      PID:2640
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfiaudit.exe
      4⤵
      PID:2772
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfinet.exe
      4⤵
      PID:620
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cfinet32.exe
      4⤵
      PID:3112
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im claw95.exe
      4⤵
      PID:3180
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im claw95cf.exe
      4⤵
      PID:3360
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im clean.exe
      4⤵
      PID:4628
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cleaner.exe
      4⤵
      PID:4456
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cleaner3.exe
      4⤵
      PID:4476
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cleanpc.exe
      4⤵
      PID:2848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cmgrdian.exe
      4⤵
      PID:516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cmon016.exe
      4⤵
      PID:1092
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im codered.exe
      4⤵
      PID:2304
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im connectionmonitor.exe
      4⤵
      PID:2580
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im conseal.exe
      4⤵
      PID:3396
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpd.exe
      4⤵
      PID:3516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im cpf9x206.exe
      4⤵
      Kills process with taskkill
      PID:3752
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ctrl.exe
      4⤵
      PID:4100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defalert.exe
      4⤵
      PID:2260
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defence.exe
      4⤵
      PID:2496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defense.exe
      4⤵
      PID:392
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defscangui.exe
      4⤵
      PID:4540
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im defwatch.exe
      4⤵
      PID:3184
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im deputy.exe
      4⤵
      PID:4024
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im doors.exe
      4⤵
      PID:4116
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im dpf.exe
      4⤵
      PID:2732
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im drwatson.exe
      4⤵
      PID:1240
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im drweb32.exe
      4⤵
      PID:4288
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im dvp95.exe
      4⤵
      PID:3688
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im dvp95_0.exe
      4⤵
      PID:732
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ecengine.exe
      4⤵
      PID:3900
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im edisk.exe
      4⤵
      PID:4984
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im efpeadm.exe
      4⤵
      PID:3708
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im esafe.exe
      4⤵
      PID:4664
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im escanh95.exe
      4⤵
      PID:3172
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im escanhnt.exe
      4⤵
      PID:1624
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im escanv95.exe
      4⤵
      PID:1248
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im espwatch.exe
      4⤵
      PID:2376
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im etrustcipe.exe
      4⤵
      Kills process with taskkill
      PID:2132
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im evpn.exe
      4⤵
      PID:3296
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im exantivirus -cnet.exe
      4⤵
      Kills process with taskkill
      PID:1572
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fameh32.exe
      4⤵
      PID:1292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fast.exe
      4⤵
      PID:4692
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fch32.exe
      4⤵
      PID:3452
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fih32.exe
      4⤵
      PID:1480
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im findviru.exe
      4⤵
      PID:1840
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im firewall.exe
      4⤵
      PID:1100
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fix-it.exe
      4⤵
      Kills process with taskkill
      PID:780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im flowprotector.exe
      4⤵
      Kills process with taskkill
      PID:2772
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fnrb32.exe
      4⤵
      PID:4864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fp -win.exe
      4⤵
      PID:4908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fp -win_trial.exe
      4⤵
      PID:736
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fprot.exe
      4⤵
      PID:544
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im frw.exe
      4⤵
      PID:956
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsaa.exe
      4⤵
      PID:4704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsav32.exe
      4⤵
      PID:2156
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsav95.exe
      4⤵
      PID:4304
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsave32.exe
      4⤵
      PID:2864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsgk32.exe
      4⤵
      PID:3460
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsm32.exe
      4⤵
      PID:2228
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsma32.exe
      4⤵
      PID:5068
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fsmb32.exe
      4⤵
      PID:1464
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im fwenc.exe
      4⤵
      Kills process with taskkill
      PID:3240
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gbmenu.exe
      4⤵
      PID:2496
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gbpoll.exe
      4⤵
      Kills process with taskkill
      PID:392
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im gedit.exe
      4⤵
      PID:4780
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im generics.exe
      4⤵
      PID:3208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im grief3878.exe
      4⤵
      PID:3212
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guard.exe
      4⤵
      PID:224
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im guarddog.exe
      4⤵
      PID:1176
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im HackerEliminator.exe
      4⤵
      PID:5084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iamapp.exe
      4⤵
      PID:2748
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iamserv.exe
      4⤵
      Kills process with taskkill
      PID:808
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iamstats.exe
      4⤵
      Kills process with taskkill
      PID:1612
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ibmasn.exe
      4⤵
      PID:2268
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ibmavsp.exe
      4⤵
      PID:236
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icload95.exe
      4⤵
      PID:208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icloadnt.exe
      4⤵
      PID:2884
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icmon.exe
      4⤵
      PID:4876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icsupp95.exe
      4⤵
      PID:908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im icsuppnt.exe
      4⤵
      PID:3720
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iface.exe
      4⤵
      PID:4852
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ifw2000.exe
      4⤵
      PID:1260
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im inoculateit.exe
      4⤵
      PID:4000
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iomon98.exe
      4⤵
      PID:4956
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iparmor.exe
      4⤵
      PID:2052
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im iris.exe
      4⤵
      PID:3120
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im isrv95.exe
      4⤵
      PID:1096
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im jammer.exe
      4⤵
      PID:2296
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im jedi.exe
      4⤵
      PID:3712
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im kavpf.exe
      4⤵
      PID:1036
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ldnetmon.exe
      4⤵
      PID:2592
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ldpromenu.exe
      4⤵
      PID:3360
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ldscan.exe
      4⤵
      PID:2152
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im localnet.exe
      4⤵
      PID:4916
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im lockdown.exe
      4⤵
      PID:3132
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im lookout.exe
      4⤵
      PID:5012
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im luall.exe
      4⤵
      PID:4596
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im lucomserver.exe
      4⤵
      PID:520
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im luspt.exe
      4⤵
      PID:4224
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcafee.exe
      4⤵
      PID:1748
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcagent.exe
      4⤵
      PID:2116
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcmnhdlr.exe
      4⤵
      PID:2208
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcshield.exe
      4⤵
      PID:1580
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcshieldvvstat.exe
      4⤵
      PID:844
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mctool.exe
      4⤵
      PID:4732
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcupdate.exe
      4⤵
      PID:2092
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcvsrte.exe
      4⤵
      PID:4020
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mcvsshld.exe
      4⤵
      PID:1660
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mgavrtcl.exe
      4⤵
      PID:764
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mgavrte.exe
      4⤵
      PID:2180
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mghtml.exe
      4⤵
      PID:3856
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mgui.exe
      4⤵
      PID:2732
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im minilog.exe
      4⤵
      Kills process with taskkill
      PID:1964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mon.exe
      4⤵
      PID:872
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im monitor.exe
      4⤵
      PID:4288
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im monsys32.exe
      4⤵
      PID:4748
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im monsysnt.exe
      4⤵
      PID:2700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im moolive.exe
      4⤵
      PID:984
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpfservice.exe
      4⤵
      PID:3996
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mpftray.exe
      4⤵
      PID:3080
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mrflux.exe
      4⤵
      PID:3852
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im msinfo32.exe
      4⤵
      PID:4984
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mwatch.exe
      4⤵
      PID:2380
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im mxtask.exe
      4⤵
      PID:2724
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im n32scanw.exe
      4⤵
      PID:4708
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nav.exe
      4⤵
      PID:2284
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im NAV DefAlert.exe
      4⤵
      PID:2264
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nav32.exe
      4⤵
      PID:2292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navalert.exe
      4⤵
      PID:4032
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navap.exe
      4⤵
      PID:504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navapsvc.exe
      4⤵
      PID:1164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im NAVAPW32.exe
      4⤵
      PID:2132
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navauto -protect.exe
      4⤵
      PID:3296
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navdx.exe
      4⤵
      PID:1344
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navengnavex15.exe
      4⤵
      PID:3144
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navlu32.exe
      4⤵
      PID:4320
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navnt.exe
      4⤵
      PID:3888
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navrunr.exe
      4⤵
      PID:3988
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navstub.exe
      4⤵
      PID:1488
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im navw32.exe
      4⤵
      PID:3788
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Navwnt.exe
      4⤵
      Kills process with taskkill
      PID:4864
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nc2000.exe
      4⤵
      PID:736
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ndd32.exe
      4⤵
      PID:544
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im neomonitor.exe
      4⤵
      PID:956
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im neowatchlog.exe
      4⤵
      PID:4704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im net2000.exe
      4⤵
      PID:4108
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netarmor.exe
      4⤵
      PID:2648
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netcommando.exe
      4⤵
      PID:4360
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netinfo.exe
      4⤵
      PID:3124
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netmon.exe
      4⤵
      Kills process with taskkill
      PID:4304
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netpro.exe
      4⤵
      PID:2964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netprotect.exe
      4⤵
      PID:944
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netscanpro.exe
      4⤵
      PID:4256
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netspyhunter -1.2.exe
      4⤵
      PID:4672
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netstat.exe
      4⤵
      PID:3192
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netutils.exe
      4⤵
      PID:4608
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im netutils].exe
      4⤵
      PID:3832
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nimda.exe
      4⤵
      PID:3644
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisserv.exe
      4⤵
      PID:3216
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisum.exe
      4⤵
      PID:3004
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nisumnisservnisum.exe
      4⤵
      PID:4116
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nmain.exe
      4⤵
      PID:1972
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nod32.exe
      4⤵
      PID:1176
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norman.exe
      4⤵
      PID:5084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norman_32.exe
      4⤵
      PID:2748
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norman_av.exe
      4⤵
      PID:4352
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norman32.exe
      4⤵
      PID:4212
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im normanav.exe
      4⤵
      PID:3336
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im normist.exe
      4⤵
      PID:1184
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norton.exe
      4⤵
      PID:3168
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im Norton Auto-Protect.exe
      4⤵
      PID:220
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im norton_av.exe
      4⤵
      PID:4876
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nortonav.exe
      4⤵
      PID:908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im notstart.exe
      4⤵
      PID:1928
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfmessenger.exe
      4⤵
      PID:960
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfw.exe
      4⤵
      PID:1300
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npfw32.exe
      4⤵
      PID:1600
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nprotect.exe
      4⤵
      PID:1588
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npscheck.exe
      4⤵
      PID:5096
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im npssvc.exe
      4⤵
      PID:4044
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nresq32.exe
      4⤵
      PID:4772
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nsched32.exe
      4⤵
      PID:3504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nschednt.exe
      4⤵
      PID:4520
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nsplugin.exe
      4⤵
      PID:1428
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ntrtscan.exe
      4⤵
      PID:1292
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ntvdm.exe
      4⤵
      PID:4676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ntxconfig.exe
      4⤵
      PID:2456
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nui.exe
      4⤵
      Kills process with taskkill
      PID:3120
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nupgrade.exe
      4⤵
      PID:1096
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nvarch16.exe
      4⤵
      Kills process with taskkill
      PID:3508
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nvc95.exe
      4⤵
      PID:3924
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nvsvc32.exe
      4⤵
      PID:4908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nwservice.exe
      4⤵
      PID:4120
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im nwtool16.exe
      4⤵
      PID:4456
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im offguard.exe
      4⤵
      PID:1060
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im OPScan.exe
      4⤵
      PID:4752
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ostronet.exe
      4⤵
      PID:4704
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im outpost.exe
      4⤵
      PID:4108
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im padmin.exe
      4⤵
      PID:3220
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im panda.exe
      4⤵
      PID:4584
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pandaav.exe
      4⤵
      PID:1092
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im panixk.exe
      4⤵
      PID:2304
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pav.exe
      4⤵
      PID:2580
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavcl.exe
      4⤵
      PID:3460
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavproxy.exe
      4⤵
      PID:2228
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavsched.exe
      4⤵
      PID:1592
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pavw.exe
      4⤵
      PID:3284
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pc -cillan.exe
      4⤵
      PID:4344
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pc -cillin.exe
      4⤵
      PID:4756
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccclient.exe
      4⤵
      PID:1912
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccguide.exe
      4⤵
      PID:4572
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pcciomon.exe
      4⤵
      PID:4268
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccntmon.exe
      4⤵
      Kills process with taskkill
      PID:3920
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccwin97.exe
      4⤵
      PID:2104
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pccwin98.exe
      4⤵
      PID:4892
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pcfwallicon.exe
      4⤵
      PID:1696
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pcscan.exe
      4⤵
      PID:3136
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im periscope.exe
      4⤵
      PID:1972
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im persfw.exe
      4⤵
      PID:1176
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pf2.exe
      4⤵
      PID:5084
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pfwadmin.exe
      4⤵
      PID:1920
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pingscan.exe
      4⤵
      PID:4748
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im platin.exe
      4⤵
      PID:2700
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pop3trap.exe
      4⤵
      PID:984
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im poproxy.exe
      4⤵
      Kills process with taskkill
      PID:2164
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im portdetective.exe
      4⤵
      PID:1824
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im portmonitor.exe
      4⤵
      PID:3964
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ppinupdt.exe
      4⤵
      PID:3836
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pptbc.exe
      4⤵
      PID:4856
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im ppvstop.exe
      4⤵
      PID:2136
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im processmonitor.exe
      4⤵
      PID:2916
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im procexplorerv10#.exe
      4⤵
      PID:2284
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im programauditor.exe
      4⤵
      Kills process with taskkill
      PID:968
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im proport.exe
      4⤵
      PID:4424
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im protectx.exe
      4⤵
      PID:2880
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pspf.exe
      4⤵
      Kills process with taskkill
      PID:8
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im purge.exe
      4⤵
      PID:3848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pview95.exe
      4⤵
      PID:1572
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im pw32.exe
      4⤵
      PID:5032
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im qconsole.exe
      4⤵
      PID:1656
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rav.exe
      4⤵
      PID:2052
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rav7.exe
      4⤵
      PID:2636
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rav7win.exe
      4⤵
      PID:2536
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im realmon.exe
      4⤵
      PID:1848
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im regrun2.exe
      4⤵
      PID:2772
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rescue.exe
      4⤵
      PID:936
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rrguard.exe
      4⤵
      PID:4172
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rshell.exe
      4⤵
      Kills process with taskkill
      PID:3440
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rtvscn95.exe
      4⤵
      PID:4348
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im rulaunch.exe
      4⤵
      PID:3648
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im safeweb.exe
      4⤵
      PID:1232
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im SAVscan.exe
      4⤵
      PID:436
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sbserv.exe
      4⤵
      PID:3488
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im SBservice.exe
      4⤵
      PID:516
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scan.exe
      4⤵
      PID:1940
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scan32.exe
      4⤵
      PID:4372
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scan95.exe
      4⤵
      PID:4224
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scanpm.exe
      4⤵
      PID:1748
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im scrscan.exe
      4⤵
      PID:4256
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sd.exe
      4⤵
      Kills process with taskkill
      PID:3176
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im SENS.exe
      4⤵
      PID:5024
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im serv95.exe
      4⤵
      PID:4344
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sfc.exe
      4⤵
      PID:392
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im sh.exe
      4⤵
      PID:4780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\C92C.tmp\b2e.exe

Filesize
62KB

MD5
1f4e38dfb8a47410353a22260c63870c

SHA1
26c4098ccae89670171c80d6d5c530ff368462a9

SHA256
8d01f2e9789ead191a05f0dd25a5db6c5e8e397701ec080bdb0fdab86a732095

SHA512
b4f2b734839835e42a1ea9fd59e018b8380ab65725e34a70706730235a48ac7856ea7c7ed1034d7d28430a5bd8e4c487c5d93918790f24b2efd8cf6343b579dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\C92C.tmp\b2e.exe

Filesize
62KB

MD5
1f4e38dfb8a47410353a22260c63870c

SHA1
26c4098ccae89670171c80d6d5c530ff368462a9

SHA256
8d01f2e9789ead191a05f0dd25a5db6c5e8e397701ec080bdb0fdab86a732095

SHA512
b4f2b734839835e42a1ea9fd59e018b8380ab65725e34a70706730235a48ac7856ea7c7ed1034d7d28430a5bd8e4c487c5d93918790f24b2efd8cf6343b579dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\D1F6.tmp\batfile.bat

Filesize
54KB

MD5
3e0b3c608056055e4332e59f31e626bc

SHA1
38c47ebba8da1403f52ff8b0dd299cf3ff41e32d

SHA256
c84eb811d92d2ff6e7064c847b73ee4688fe561951531e8559da91b330ae0ece

SHA512
b7795e514491675d4fc9dc88e80cd613694d76055f35c5160b4f53f08920f4df6fc14f14ac2f95d86cae323e80893662efcc7db3b5e407cf159beb86c561fd35

Download Submit
memory/216-136-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/216-132-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4040-137-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download